The RISKS Digest
Volume 18 Issue 80

Saturday, 1st February 1997

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Berkeley student Ian Goldberg takes 3.5 hours to crack RC5 40-bit key
press release
via John van Heteren and Al Stangenberg
Non-Anglo Names Confound U.S. Social Security
Scott Lucero
Spelling checkers and inconsistent interfaces
Geoff Kuenning
Electronic Funds Transfer without stealing PIN/TAN
Debora Weber-Wulff
Corel warns about Word macro viruses
Yves Bellefeuille
RISKs of virtual patients
CSR hit by Year 2000 bug
Norman Fenton
Malicious Net Software Leads to Big Telephone Bills
Jeff Uphoff
Re: New US regs ban downloadable data-security software
Ian Goldberg
The Risk of Changing a Mailing List
Chris Meadows
MS Office steals my initials - Follow-up
Michael Franz
MCI as ISP, some security concerns...
Helen Stewart
"Moths to the Flame" by Rawlins
Rob Slade
Info on RISKS (comp.risks)

Berkeley Student Ian Goldberg Takes 3.5 Hours to Crack RC5 40-bit Key

Al Stangenberger <>
Fri, 31 Jan 1997 10:49:25 -0800 (PST)
  [John van Heteren found this press release on and sent it to comp.dcom.telecom .]

Berkeley — It took UC Berkeley graduate student Ian Goldberg only three and
a half hours to crack the most secure level of encryption that the federal
government allows U.S. companies to export.

[On 28 Jan 1997] RSA Data Security Inc. challenged the world to decipher a
message encrypted with its RC5 symmetric stream cipher, using a 40-bit key,
the longest keysize allowed for export.  RSA offered a $1,000 reward,
designed to stimulate research and practical experience with the security of
today's codes.

Goldberg succeeded a mere 3.5 hours after the contest began, which provides
very strong evidence that 40-bit ciphers are totally unsuitable for
practical security.  "This is the final proof of what we've known for years:
40-bit encryption technology is obsolete," Goldberg said.

RSA's RC5 cipher can however be used with longer keysizes, ranging from 40
to 2,048 bits, to provide increasing levels of security.

U.S. export restrictions have limited the deployment of technology that
could greatly strengthen security on the Internet, often affecting both
foreign and domestic users, Goldberg said.  "We know how to build strong
encryption; the government just won't let us deploy it. We need strong
encryption to uphold privacy, maintain security, and support commerce on the
Internet — these export restrictions on cryptography must be lifted, " he

Fittingly, when Goldberg finally unscrambled the challenge message, it read:
"This is why you should use a longer key."

The number of bits in a cipher is an indication of the maximum level of
security the cipher can provide, Goldberg said. Each additional bit doubles
the potential security level of the cipher. A recent panel of experts
recommended using 90-bit ciphers, and 128-bit ciphers are commonly used
throughout the world, but U.S. government regulations restrict exportable
U.S. products to a mere 40 bits.

Goldberg used UC Berkeley's Network of Workstations (NOW) to harness the
computational resources of about 250 idle machines. This allowed him to test
100 billion possible "keys" per hour — analogous to safecracking by trying
every possible combination at high speed. This amount of computing power is
available with little overhead cost to students and employees at many large
educational institutions and corporations.

Goldberg is a founding member of the ISAAC computer security research group
at UC Berkeley, which is led by assistant professor of computer science Eric
Brewer. In the fall of 1995 the ISAAC group made headlines by revealing a
major security flaw in Netscape's web browser.

  [This item appeared more or less intact in various news media.  Ian also
  was featured in a live hookup at the RSA Data Security Conference on 29 Jan,
  and noted that the key was found after exhausting only 30% of the keyspace.
  2**41.5 workstation-microseconds were expended, at a rate of 1 million
  keys every 6 seconds.  Nifty piece of work.  Incidentally, longer RC5 key
  lengths have increasingly higher prizes, and may still be up for grabs.
  Also, as I recall, one DES key is worth $10,000.  PGN]

    [Typo in title fixed in archive copy.  PGN]

Non-Anglo Names Confound U.S. Social Security

lucero <>
Wed, 29 Jan 97 11:20:25 EST
An internal Social Security Administration (SSA) report described in the 17
Jan 1997 *Washington Post* states that $234 billion worth of wage reports,
some going back to 1937, cannot be matched to individual accounts.  The wage
reports are used to compute benefits.  The San Bernadino SSA District
Headquarters states that their computer system is 'confounded' by Asian,
Latino, Native American and Islamic names.  Surnames with spaces, such as
'de la Rosa' or where the surname is not at the end of the name, such as
'Park Chong Kyu' are typical of those mishandled.  Women who change their
names when getting married also constitute a large portion of the errors.
The San Bernadino office has corrected 100,000 mismatches of the 200 million
unmatched wage reports.

Rep. George E. Brown Jr. has sought a General Accounting Office
investigation, but has been blocked by House Ways and Means Committee
Chairman Bill Archer.

The RISK here is designing a system for a diverse population without
considering procedures to handle that diversity.

Scott Lucero, U.S. Army Operational Test and Evaluation Command

Spelling checkers and inconsistent interfaces

Geoff Kuenning <geoff@Ficus.CS.UCLA.EDU>
Fri, 31 Jan 1997 12:51:38 -0800
A posting on the Orchestra List once again highlights the RISKS of
inconsistent interfaces:

> From: (Michael T. Griffith)
> To: (ork)
> Subject: spellcheckers
> I know some of you have been amused (at best)  by my spellchecker episodes
> in the past few weeks (Hindemith came out as Hindmost was the worst). If
> you're interested, I've discovered the problem, and will share it with
> Microsoft Mail users out there.
> In MS Word, if the spellchecker highlights a word it doesn't know, like
> Hindemith, you can click on "add" and it puts Hindemith into its dictionary
> In MS Mail, if it highlights a word it doesn't know, and you click on "add,"
> it puts the highlighted correction it offered into the dictionary as a
> permanent correction. Since "Hindmost" was the first offered correction, it
> permanently noted that every time I type Hindemith, it would substitute
> Hindmost.

So in one interface, "add" means "add this word, as-is, to the dictionary."
In the other, "add" means "add this suggested replacement to the dictionary
and never ask me again."

Incidentally, ispell users have been asking for the latter feature for
years, but I have stubbornly refused because I think that automated
replacement is far too RISKy to trust a computer.

Geoff Kuenning

  [Hindemith wrote "Mathis der Maler".  Hindmost wrote "MS der Mauler",
  seemingly applicable in English (one who mauls).  Although not quite
  echt deutsch, there are several potentially pertinent interpretations
  as well.  PGN]

Electronic Funds Transfer without stealing PIN/TAN

Debora Weber-Wulff <>
1 Feb 1997 05:12:02 GMT
The Berlin newspaper "Tagespiegel" reports on 29 Jan 97 about a television
show broadcast the previous evening on which hackers from the Chaos Computer
Club demonstrated how to electronically transfer funds without needing a PIN
(Personal Identification Number) or TAN (Transaction Number).

Apparently it suffices for the victim to visit a site which downloads an
ActiveX application, which automatically starts and checks to see if
Quicken, a popular financial software package that also offers electronic
funds transfer, is on the machine. If so, Quicken is given a transfer order
which is saved by Quicken in its pile of pending transfer orders. The next
time the victim sends off the pending transfer orders to the bank (and
enters in a valid PIN and TAN for that!)  all the orders (= 1 transaction)
are executed -> money is transferred without the victim noticing!

The newspaper quotes various officials at Microsoft et al expressing
disbelief/outrage/"we're working on it". We discussed this briefly in class
looking for a way to avoid the problem. Demanding a TAN for each transfer is
not a solution, for one, the banks only send you 50 at a time, and many
small companies pay their bills in bunches. Having to enter a TAN for each
transaction would be quite time-consuming. Our only solution would be to
forbid browsers from executing any ActiveX component without express
authorization, but that rather circumvents part of what ActiveX is intended

A small consolation: the transfer is trackable, that is, it can be
determined at the bank to which account the money went. Some banks even
include this information on the statement, but who checks every entry on
their statements...

Debora Weber-Wulff, Technische Fachhochschule Berlin, Luxemburger Str. 10,
13353 Berlin GERMANY <>

  [Now you can get a TAN even in the dead of winter!  PGN]

Corel warns about Word macro viruses

Yves Bellefeuille <an448@FreeNet.Carleton.CA>
30 Jan 1997 05:03:46 GMT
In an advertisement in the latest issue of _Time_ magazine (3 February
1997, Canadian edition), Corel mentions the existence of Word macro
viruses as a reason to prefer WordPerfect:

  Virus Free* — Steer clear of the recently identified Microsoft (r) Word
  macro viruses. With Corel WordPerfect Suite 7 and Corel Office
  Professional 7, it's safe to share documents with your co-workers.
  [* Source: _WordPerfect for Windows Magazine_, November 1996, p. 21]

It will be interesting to see if WordPerfect really does profit from this
problem. Personally, I'm still using WordPerfect 5.1 for DOS! ;-)

Yves Bellefeuille, Ottawa, Canada

RISKs of virtual patients

+33)388412674 <"Nick BROWN" <> (Tel>
27 Jan 1997 15:17:43 +0000
According to BBC Radio 4's "Today" programme this morning (January 27th
1997), a hospital in Bristol, England, has created a "medical simulation
centre".  The flagship effort of this centre is a "patient simulator" on
which medical students, doctors, nurses, paramedics, etc can "practise"; the
idea being, presumably, to make the really bad mistakes before getting to
real live patients, similarly to how airline pilots are trained.

The following points came to mind as I listened to the centre's spokesperson
presenting this huge breakthrough in medical training:

1. To what extent will the bedside manner of many doctors be enhanced by
training on an unfeeling robot ?

2. The simulator apparently cost GBP 250,000.  Does anyone else feel that
US$400,000, or two person-years of relatively inexpensive systems consultant
time, is perhaps on the low side for a full simulation of what took
evolution several million years to achieve ?  Or maybe the simulation is
perfect and only the centre's accounting software has problems ?

3. Anyone want to be next month's paycheck that administering 32767
milligrams of any substance to the simulator will not cause a previously
present, non-zero quantity of that substance to go negative and thus
disappear ?  Once medical students discover that a blood alcohol level of
200 milligrams can be reduced by administering the equivalent of six bottles
of vodka, how many will go out and try it, and then sue the simulator's
programmers ?

Nick Brown, Strasbourg, France

CSR hit by Year 2000 bug

Norman Fenton <>
Tue, 28 Jan 1997 23:19:07 +0000
  [Forwarded with permission by Pete Mellor <>.]

Can you believe that we have already been hit by a Year 2000 bug?  Today I
went with my part-time PhD student to the library and her card was
rejected. This is because her card expiry date is the year 2000 which,
according to the library computer entry system, is 1900, i.e., her card is
rejected for being out of date.  (She actually has got a print-out which
states that her card expires in 1900.)

Apparently the problem is known to library and security* staff but they have
not done anything about it. Considering how new** the library is, is it not
incredible that such a serious and obvious year 2000 bug was not avoided?


  [Explanatory annotations from Pete Mellor:]

* Our identity cards, which should be worn at all times within the
university, are dual purpose, and serve as library cards also. The library
identifies the owner by a bar-code. There is a magnetic strip on the back,
which is not (at the moment, as far as I am aware) used for anything. For
staff on fixed term contracts, an expiry date is shown on the card and held
on the database.

** The library has just undergone major refurbishment and extension, and
installed a new computer system.

Peter Mellor, Centre for Software Reliability, City University, Northampton
Square, London EC1V 0HB, UK. +44 (171) 477-8422,

Malicious net software leads to big telephone bills

Jeff Uphoff <>
Thu, 30 Jan 1997 17:39:31 -0500

Porn on Net leads to big bills;
Overseas phone flip boosts phone bills, police say
By Robert Brehl - Toronto Star Business Reporter, 29 Jan 1997

A bizarre scam involving pornography on the Internet has cost victims
hundreds of dollars, Royal Canadian Mounted Police say.

Some victims have been unknowingly charged up to $1,200 to download
porn from the Web site (, said Corporal Marc Gosselin,
of the RCMP's computer crime unit.

Gosselin said the scam worked this way:

The website informs Internet surfers that looking at nude pictures is free.
To see the pictures, ``a special image viewer'' must be clicked on and
downloaded to your home computer.

``And that's a virus, a Trojan horse,'' the Mountie said.

When it is clicked on, the viewer's modem is disconnected from the
regular local Internet service provider, Gosselin said.

Then the dialer volume is turned off, and a phone number in Moldova,
in the former Soviet Union, is dialed.

Surreptitiously, the person's computer in Canada is then hooked to a
phone number in Moldova, Gosselin said.

>From Moldova, the call is bounced back to a computer in Scarborough
where the pornographic pictures are stored.

``You're accessing a server in Scarborough through a long-distance
call to Moldova,'' Gosselin said.

The scam can continue even after viewing the pornography.

That's because Internet surfers may move on to other Internet sites,
but are still unknowingly connected to Moldova and racking up
long-distance charges, Gosselin said in an interview from Montreal.

Because the investigation is continuing and charges are pending, the
Mounties refuse to name the company in Scarborough.

The Star attempted to send an E-mail to officials connected to
( The page has an area for sending E-mail, but would
not accept electronic messages from The Star.

The website boasts having had more than 1 million visitors since Jan.
1, 1997. That number could not be verified.

The RCMP has ordered that all calls from Canada to the number in
Moldova not be connected, so this scam has been stopped, the corporal

But telecommunications experts say oodles of other potential scams are
out there, and consumers should beware.

Ian Angus, author of the book Phone Pirates, said using the Internet
is the latest twist in scamming people on long-distance charges.

``It's not just a dirty trick, it's business, big money,'' Angus said.

That's because it's common for phone companies in foreign countries to
try to attract calls from the lucrative North American market, he

Bell will look at each case before deciding whether to waive the

Typically, foreign phone companies enlist entrepreneurs to generate
calls and then, in turn, pay the entrepreneurs a percentage of each

Canadian phone companies ``must pay international settlement charges
to foreign countries even if they can't collect at home,'' said Angus,
president of Angus Telemanagement.

Bell Canada spokesperson John Peck said the company will look at each
complaint before deciding whether to waive the charges.

``But we're on the hook for it, too,'' Peck said. ``Chances are the
individual will be held responsible.''

If Bell waived the charges, other Bell customers and shareholders
would be subsidizing the charges rung up, unknowingly or not, by
people downloading pornography.

Gosselin and Angus said Bell probably won't get too many complaints
because of the embarrassment factor for victims forced to admit what
they were doing in order to argue for a rebate.

The RCMP has had 20 complaints so far, but hundreds of others have
probably been taken, Gosselin said.

He said it would be several weeks before any charges are laid related
to unauthorized access to computers and fraud.

Re: New US regs ban downloadable data-security software

Ian Goldberg <>
Mon, 13 Jan 1997 17:45:38 -0800 (PST)
Lucky Green (RISKS-18.75) said:

> The new US crypto export regulations control the export of most if not all
> data-security software. Regardless if the software uses cryptography or
> not. Many software archives seem to be in violation of the new regs. [...]
> This certainly controls virus checkers, firewalls, and other security
> software. There are substantial penalties involved in violating the EAR.
> The US can assess daily penalties and block all exports of a company's
> non-violating products. Criminal penalties apply as well.
> "Export", as defined in the new regs, includes making software available on
> the web or via ftp.

After _very_ careful reading of the Export Administration Regulations (EAR)
(though IANAL), it would seem that the above is slightly inaccurate.

Although, as Lucky pointed out, virus checkers et al. are indeed regulated
for export from the US, and putting software up for ftp or WWW is considered
export, the EAR does _not_ apply to "publicly available" software
(732.2(b)(1)).  Software is publicly available "when it is available for
general distribution either for free or at a price that does not exceed
the cost of reproduction and distribution" (734.7(b)).

Therefore, it would seem that, as long as the security software on your ftp
or WWW site is free of cost, it is OK to keep it there.  Commercial
security software, however, remains export-restricted.

NOTE, however, that products that actually do contain cryptography fall
under an exception (734.7(c)): "Notwithstanding paragraphs (a) and (b) of
this section, note that encryption software controlled under ECCN 5D002 for
``EI'' reasons on the Commerce Control List (refer to Supplement No. 1 to
part 774 of the EAR) remains subject to the EAR even when publicly

The software controlled for EI reasons under 5D002 are described as: "EI
controls apply to encryption software transferred from the U.S.  Munitions
List to the Commerce Control List consistent with E.O. 13026 of November 15,
1996 (61 FR 58767) and pursuant to the Presidential Memorandum of that
date. Refer to Sec. 742.15 of the EAR."

As virus checkers et al. were not on the Munitions List, they are not
controlled for EI (Encryption Items) reasons, but rather for NS (National
Security) and AT (Anti-Terrorism) reasons.

The RISKS: the government suddenly creating (and putting into effect) new
rules covering large amounts of software, without warning or (in my opinion)

   - Ian "again, IANAL"

The Risk of Changing a Mailing List

"It's a thingie! A fiendish thingie!" <>
Thu, 30 Jan 1997 08:37:20 -0600
I subscribe to the Timecast Times mailing list, a fairly low-volume but
large-size announcement mailing list I'm on.  It's not a discussion list but
an announcement list--usually, it sends one ~5-10K file through, once a
week.  Last night, one of these announcement posts bounced, and the bounce
apparently went out to the entire Timecast Times list.

I didn't think too much of this e-mail bounce, hardly even glanced over it.
But this morning, I received about eight more message from said list, mostly
from subscribers saying "Please take me off this list!", some of whom quoted
the entire 8K announcement file along with their message.

Taking a closer look at the messages revealed something rather interesting.
Cause of the bounces aside, the message at the end of Timecast Times that
used to state:

> ** To remove yourself from this mailing list, send a message to
> with
> UNSUBSCRIBE your_e-mail_address
> on a single line in the body of the message. **

now reads

> For help subscribing, unsubscribing, and changing your e-mail address,
> send e-mail with the word "Help" in the subject line to
> You will receive an automatic response with
> instructions.

From this, it looks like they've had to change their mailing list software
when they changed the site the list was running from.

Offhand, I'd say there are two major RISKS to be seen in this:

RISK #1 can be found in the advice that when you're switching mailing list
software, it would be a good idea to know what you're doing.  Looks to me
like misconfiguration caused bounces to be sent through the list to its
subscribers, instead of to the listowner alone; e-mail replies to the list
to be sent to the subscribers rather than just the listowner; and maybe even
the original bounces in the first place.  The RISK here is that
misconfiguration can lead to mess-up.

RISK #2 advises that you should make it as _easy_ to unsubscribe as you
possibly can.  Firstly, instructions should be at the _beginning_ of the
message...if you don't want to be receiving the thing, are you really going
to read it down all the way through the end?  Second, it should be clear-cut
and self-evident what to do just by looking at it.  "For help, e-mail here"
just doesn't cut it.  The RISK here resides in people's inherent tendency
toward laziness: People don't want to _work_ to get off a list like this,
they're going to hit that big old 'R' key and say "Take me off, now!"
instead, probably quoting the entire message in the hopes of filling up the
mail spool of whoever they're replying to.

When you combine the RISK of misconfiguration with the RISK of obfuscation,
you get a snowball effect as more and more people reply quoting the entire
message, causing more and more mailboxes to fill up or more time to be spent
downloading junk e-mail, causing more and more people to reply...

Chris Meadows aka Robotech_Master

MS Office steals my initials - Follow-up

Michael Franz <franz@UCI.EDU>
Thu, 30 Jan 1997 16:06:47 -0800
Thanks to the more than 100 people who replied to my posting (many of them
to my msof-address :-).

Many of you suggested that msof might be in my "AutoCorrect" word list, and
some were wondering who had put it there. It turns out that the problem is
related, but not due to "AutoCorrect". It seems that Word97 not only has an
"AutoCorrect" feature, but also an independent "AutoText" with
"AutoComplete" feature, and this is what's causing the visible substitution
effect. AutoText has a word list that includes such wonderful phrases as
  Best Regards,
  Dear Mom and Dad,
  Dear Sir or Madam,
and, yes, you guessed it,

When you have AutoComplete turned on, which is the default after
installation, anything you type that matches an AutoText entry is expanded
when you press Enter or Tab. For example, typing the four letters "to w"
(with a blank between o and w) and then the Tab key, will yield the string
"To Whom It May Concern:" on your screen.

This still doesn't explain, however, why the MS Office installer performs
such auto-text expansions on existing user-preference files when upgrading
from Word 95 to Word 97. Might it be that, internally, this is actually
performed by parsing the old configuration file and writing out a new one
*using Word itself*? Then, if the new-configuration-writer would type msof
followed by a Tab or a Return, you would get MSOffice...

Michael Franz

MCI as ISP, some security concerns...

Helen Stewart <>
Mon, 27 Jan 97 09:02:55 PST
Yesterday, I registered my mother to MCI as an ISP.  They create your access
codes, which are long mixed characters, for what they call security.  They
aren't very informative about how to use the services or an explanation on
your user codes, they ask for you to create a code or phrase in the
beginning on registering, for authentication if you have problems with
service etc.  They also give you your first.lastname as your userid.

So, I accessed the MCI server with the strange code, but when I got to my
mothers e-mail stuff there was another code they created for security, but
it wouldn't authenticate.  So, I called them telling them I was my mother
and asked for the username code and password code.  The only thing they
asked me for was my mother's home address prior to giving me the codes!  I
could have been anyone asking for the username codes and passwords!  They
gave me both codes, one for accessing the server and the e-mail one!

What worries me about all this, is that it doesn't take much to know if
someone has an account on MCI and get their address?  Then, just call in
saying that you forgot your codes and then login, purchase MCI's products
online using the credit card that you gave MCI to bill you monthly?  Right?

The funny thing is that they earlier asked for a phrase etc. for service...
but they didn't ask me for it?  They didn't ask me for the accounting codes
or service codes that they provided after registration on the browser?  Just
the physical home address?

Is this dangerous or what?  I immediately had my mother cancel the service
with them.  Please look into this and see if they do this to other people?
I am worried how easy it is to do this with other providers other than MCI?

Helen Stewart

"Moths to the Flame" by Rawlins

Rob Slade <>
Mon, 27 Jan 1997 13:08:37 EST

"Moths to the Flame", Gregory J. E. Rawlins, 1996, 0-262-18176-2, U$22.50
%A   Gregory J. E. Rawlins
%C   55 Hayward Street, Cambridge, MA   02142-1399
%D   1996
%G   0-262-18176-2
%I   MIT Press
%O   U$22.50
%P   184
%T   "Moths to the Flame"

From the subtitle, "The Seductions of Computer Technology", one can,
perhaps, assume that the book is not going to be an unalloyed apologia for
the computer.  Poor old technology seems to be a popular stuffed lion to
kick these days.  Rawlins' book, more like a series of articles, is more
informed and erudite than most, but readers of, say, the RISKS-FORUM Digest
will find this to be thoroughly plowed ground.

Rawlins looks at encryption (rather well, actually), virtual reality,
information technology, the net, weapons technology, and employment.
Chapter 7 gets a little out of hand: it finishes with two (not terribly
good) science fiction "cautionary tale" set pieces.  The final chapter moves
out into the realm of technology in general, but returns to a bit more
balanced view.

copyright Robert M. Slade, 1996   BKMTHFLM.RVW   961021  
  Please note the Peterson story -

  [Only one bit more?  Maybe he bit off more moths than he could shoo.  PGN]

Please report problems with the web pages to the maintainer