The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 19 Issue 23

Thursday 26 June 1997

Contents

o U.S. Supreme Court rules on Communications Decency Act
PGN
o RSA's DES challenge achieved
PGN
o McCain-Kerrey Secure Public Networks Act
PGN
o Revised Internet Regulation in China Announced
Li Gong
o "Hackers" get into Ramsay case computer
Jonathan Corbet
o Backhoe-attack cable thief disables phone service in Russia
Betty G.O'Hearn
o Malfunction Causes Motor Melee
Scott Lucero
o 1998-1999 Leonids may damage satellites
Jonathan Nash
o Unix path risks -- well-known, but still amusing
Michael Patrick Jackson via Alan Wexelblat
o Microsoft Web site Interrupted by cracker
Edupage
o MS Outlook sends e-mail on Ctrl-Enter when editing with Word
Michael Passer
o Malepropylene Microdictus
Stephen Speicher
o Re: Software Problems with new UK ATC Center
Andres Zellweger
o Old risks, new villains... when will they learn?
Quinn Yost
o 7-Eleven Big Brother
Mich Kabay
o UK Government proposes ID numbers for 4-year-olds
Gary Barnes
o Chip Theft by Home Invasion
David Kennedy
o Re: Company blackmails Netscape for details of browser bug
Dorothy Denning
o Netscape vs. Cabocomm
Andy Waldis
o "Secret Power" claims to expose secret international spying networks
Betty G.O'Hearn
o Info on RISKS (comp.risks)

U.S. Supreme Court rules on Communications Decency Act

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 26 Jun 97 8:12:48 PDT
Seven* Justices (in the majority opinion written by Justice Stevens) ruled
that the Communications Decency Act violated free-speech rights in
attempting to protect children from sexually explicit material on the
Internet.  The remaining two Justices (in an opinion written by Justice
O'Connor, with Chief Justice Rehnquist concurring) agreed that the CDA was
unconstitutional, but wrote that they would invalidate the law only insofar
as it interferes with the First Amendment rights of adults.

  [The decision opinions are on-line at http://www.cdt.org,
  http://www.epic.org, and http://www.ciec.org.
  See RISKS-17.71,72,74, and RISKS-18.20 for earlier background.
  Similar state laws in NY and Georgia were also recently overturned.  PGN]

     [* Typo (nine) fixed in Archive copy.  NINE thought it
     unconstitutional.  Two had caveats.  PGN]


RSA's DES challenge achieved

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 26 Jun 97 8:12:57 PDT
After four months and exhaustion of about one fourth of the 72 quadrillion
possible keys, the RSA challenge for the 56-bit DES key was successful.
The *brute* in *brute force* is becoming more Godzilla-like.
[See http://www.rsa.com for the status of the other RSA challenges.]


McCain-Kerrey Secure Public Networks Act

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 26 Jun 97 8:13:03 PDT
The McCain-Kerrey bill calls for extensive key-recovery infrastructures for
encryption used in storage and communications.  The wording also seems to
require key recovery for authentication and certificate authorities as well,
which would seem to introduce enormous potential risks above and beyond
those previously addressed in RISKS.  The bill was slipped through the
committee as a substitute for ProCode, with essentially no discussion.
It appears that there are many lurking issues that were not adequately
understood by the Senators.  Serious study seems urgently needed.

  [See http://www.epic.org and http://cdt.org for text and analyses of the
  bill.  Senate Judiciary Committee hearings on this subject were scheduled
  for yesterday (25 Jun), but were postponed at the last minute because
  of other Senate action.  You will find my would-have-been testimony on my
  web page.  PGN]


Revised Internet Regulation in China Announced

Li Gong <gong@crypto.Eng.Sun.COM>
Sat, 14 Jun 1997 11:49:39 -0700
The overseas edition of the *People's Daily* (June 9, 1997, p.2) gave
details of the 17-clause revised regulation regarding the establishment and
operation of any computer network that is connected to the Internet.
Highlights include:

Clause 6. All networks with direct international connections must go through
public access networks managed by the Post and Telecommunication Ministry.

Clause 7. Existing networks are to be reorganized and managed by the
following 4 institutions: Post and Telecommunication Ministry, Electronics
Ministry, National Council of Education, and the Chinese Academy of
Sciences.

Clause 9.3 All operators (ISPs and their clients) must have security and
secrecy regulations in place and must have adequate technical protection
mechanisms.

Clause 13.  All operators and personnel must abide by laws regarding
national security, criminal activities, ..., and the spread of pornography.

Clause 9.3 seems to have gone beyond the normal expectation of an
operator in the west.

Li Gong, JavaSoft, Sun Microsystems, Inc.


"Hackers" get into Ramsay case computer

Jonathan Corbet <corbet@atd.ucar.edu>
Fri, 13 Jun 1997 09:53:10 -0600
I assume most of the civilized world has heard about the Jon-Benet Ramsay
murder case.  Here in Boulder, where it's a local story, our newspaper
reports on it daily, while chiding the tabloids for doing the same thing.  I
long since stopped reading these stories, which seemed to offer little of
interest.

The top of page 1 today, however, reads "Hackers Invade Ramsay Case File."
The real problem appears to be that somebody got into the "war room" where
the computer lives, and somehow messed with the machine.  The investigators
are now going through a process of comparing electronic documents with
printed versions, looking for things that have been changed.

The article doesn't say anything about backups.  What do you bet they were
in the same room, if they exist at all?  Manually comparing with printed
documents seems like a poor recovery strategy.  Meanwhile they have no idea
of what information may have been taken out of the room.

The risks: information on your computer will never be safe if you allow
physical access to the machine.  And an environment where a burglar becomes
a "hacker" does not help in identifying the real problems.

The story can be found at

  http://www.bouldernews.com/BoulderNews/News/Local/html/X_9706130172.htm

jon


Backhoe-attack cable thief disables phone service in Russia

"Betty G.O'Hearn" <betty@infowar.com>
Thu, 19 Jun 1997 13:30:33 -0400
"Ron Eward has been saying this for years! The backhoe attack is the
low-tech efficient way to shut down telecomm services without the help of
hackers.  See what happened in Moscow?"  Winn Schwartau

A thief removed 60 meters of cable from the center of the remote Russian
city of Ulan-Ude (the capital of the Republic of Buryatiya, near Mongolia),
which shut down external communications for five hours on 19 Jun 1997.  The
incident affected military and other communications in the region and caused
an estimated loss of 800 million rubles ($135,000).  Apparently, the
criminal or criminals may have been harvesting precious metal from the
lines.  (Earlier this week two thieves were electrocuted in eastern
Kazakhstan as they tried to steal copper wires from a high-voltage power
transmission line.)  [Source: Itar-Tass news, 19 Jun 1997]

  [Warning: *To backhoe* may be dangerous to your health!
  (In the second case, the copper got them in the end.)  PGN]


Malfunction Causes Motor Melee

"lucero" <lucero@smtp-gw.optec.army.mil>
Wed, 18 Jun 97 15:02:36 EST
The United States Auto Club (USAC) declared a new winner in the True Value
500 on 8 June 1997 when an electronic device in five of the cars failed to
record the laps where cars pull into the pit stop.  Although there are two
forms of manual backup, neither was used until hours after the race was
complete even though the officials received notice of the malfunction during
the race.  USAC officials are considering fining A.J. Foyt and Arie
Luyendyk, who turned out to be the winner following the audit, after they
got into a victory circle scuffle.  The malfunction came with 19 laps
remaining, not leaving much time to change over manual methods.  Race
officials counted on the malfunction not affecting the outcome of the race.
The USAC Chief Steward said this is the first major malfunction since the
devices were introduced in 1990.  The RISK is believing that, just because
it hasn't happened in the past, doesn't mean that it isn't happening now.

Scott Lucero


1998-1999 Leonids may damage satellites

Jonathan Nash <jnash@qis.net>
Thu, 26 Jun 1997 01:36:23 -0400 (EDT)
An article in the 9 Jun 1997 issue of *Science News* warned that the Leonid
meteor showers in 1998 and 1999 may damage satellites.  The Leonid meteor
shower occurs around the middle of November and usually 100 meteors an hour
may be visible. In the Far East in 1998, 100,000 meteors an hour may be
visible. In 1999 there will also be a very heavy Leonid shower in Western
Europe.

"A Leonid storm occurs every 33 years, when Earth passes through the
meteoroid storm shortly after Temple-Tuttle has neared the sun and spewed
fresh particles. On 17 Nov 1998, Earth will hit the Leonid stream just 9
months after the comet has passed closest to the sun.  In that short
interval, the torrent of new meteoroids won't have had time to spread out.
Our planet will encounter a dense swath of debris, creating a veritable
tempest.

"The dust particles are tiny, so chance collisions with spacecraft aren't
the prime worry of scientists. Rather, researchers express concern about the
potential of these particles to create localized clouds of electric charge,
or plasma, that can penetrate satellites and short-circuit equipment.

"The high speed of a Leonid meteoroid - about 72 kilometers per second, more
than three times that of an average meteoroid - favors the production of
clouds of charged material, notes Brown. These can generate lightninglike
discharges inside satellites, zapping fragile electric components.

"Another meteor storm, this one associated with a swath of cometary debris
known as the Perseids, is credited with taking a satellite out of commission
in 1993 (SN: 2 Oct 1993, p. 217). However, the potential for damage is highly
uncertain...  Come 1998, 'everyone is going to go through this test, whether
they like it or not.'"


Unix path risks -- well-known, but still amusing

Graystreak <wex@kangaroo.media.mit.edu>
Wed, 25 Jun 1997 23:13:38 -0400
Date: Wed, 25 Jun 1997 21:39:14 -0400
From: Michael Patrick Johnson <aries@kangaroo.media.mit.edu>
Subject: insane bug
Reply-To: aries@media.mit.edu

This bug is one for the record books.  It's just too funny.  If only all
bugs could make me laugh.

I was trying to show someone how to use emacs rmail to read mail today.  We
got the stuff setup.  We are using some kerberized pop program for movemail,
not default movemail.  Fine.  We try to incorporate mail and suddenly this
3D OpenGL spinning BEAVER HEAD program pops up!!  My god, what the hell was
going on?  Did someone spawn that accidentally?  No, it goes away when I
C-g. Incorporate again, IT'S BACK!

OK, I am thinking SOMEONE is playing with this poor new student, someone
hacked a dotfile on his somewhere.  No, nothing this insidious.  As it turns
out, the beaver head program was a program he wrote to learn OpenGL.  The
question was, how the hell was it running?  Long story short, the movemail
program was actually a script which did a lot of string munging and happened
to use the unix function "head" in it.  A bad dotfile had put . (dot) first
in his path.  His beaver program was called head.  So we got his beaver
head, not the real head.

Moral: To not lose your head, put . in your path!

Michael Patrick Johnson aries@media.mit.edu MIT Media Lab
http://www.media.mit.edu/~aries/
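
  [Added example, not part of the original message: a POSIX shell check for
  the condition described above, where a PATH entry that resolves to the
  current directory lets a local program named `head` shadow the real one.
  The function names and the scratch directories are constructed for
  illustration.]

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that resolve relative to the
# current directory, then list which commands a given directory would shadow.

# Print each risky PATH entry as "<position>:<entry>", one per line.
# Risky = empty component (means cwd), "." or any other non-absolute entry.
risky_path_entries() {
    path_value=$1
    pos=0
    rest="$path_value:"          # trailing ":" so the last component is seen
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case $entry in
            "")  echo "$pos:<empty>" ;;
            /*)  ;;                      # absolute directory: not cwd-relative
            *)   echo "$pos:$entry" ;;   # "." or another relative entry
        esac
    done
}

# List executables in directory $1 whose names also exist in an absolute
# directory of PATH string $2: the commands that "." in PATH would shadow
# whenever a script is run from that directory.
shadowed_commands() {
    dir=$1
    path_value=$2
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}
        rest="$path_value:"
        while [ -n "$rest" ]; do
            entry=${rest%%:*}
            rest=${rest#*:}
            case $entry in
                /*) if [ -x "$entry/$name" ] && [ ! -d "$entry/$name" ]; then
                        echo "$name shadows $entry/$name"
                        break
                    fi ;;
            esac
        done
    done
}

# Constructed demo: a scratch working directory holding a user program named
# "head", and a scratch "system" bin directory holding the real one.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/sysbin" "$tmp/work"
    printf '#!/bin/sh\necho real head\n'   > "$tmp/sysbin/head"
    printf '#!/bin/sh\necho beaver head\n' > "$tmp/work/head"
    chmod +x "$tmp/sysbin/head" "$tmp/work/head"

    bad_path=".:$tmp/sysbin"
    echo "risky entries in $bad_path:"
    risky_path_entries "$bad_path"
    echo "commands shadowed when run from $tmp/work:"
    shadowed_commands "$tmp/work" "$bad_path"

    # What a script calling plain "head" gets under each PATH:
    (cd "$tmp/work" && PATH=".:$tmp/sysbin" && head)   # runs the local program
    (cd "$tmp/work" && PATH="$tmp/sysbin" && head)     # runs the real one
    rm -rf "$tmp"
}

demo
```
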


Microsoft Web site Interrupted by cracker

Edupage Editors <educom@educom.unc.edu>
Wed, 25 Jun 1997 01:03:42 -0400 (EDT)
Microsoft's Web site was disrupted briefly by a computer cracker who broke
into the site's server computers by exploiting a flaw in the Microsoft
Internet server software.  The site was down only about 10 minutes, but
company officials say users may have experienced more problems because the
company currently is upgrading its servers.  Microsoft has posted a fix for
the flaw on its Web site, and a marketing director says all that was needed
to get the machines going again was a reboot.  (*Wall Street Journal*,
23 Jun 1997; http://www.wsj.com; Edupage, 24 June 1997)


MS Outlook sends e-mail on Ctrl-Enter when editing with Word

Michael Passer <mwp@acm.org>
Thu, 26 Jun 1997 10:55:11 GMT
When using Microsoft Outlook (part of their Office 97 suite) to compose an
e-mail message yesterday, I attempted to get rid of some unwanted text
formatting by inserting a page break.  Under normal circumstances, Word
recognizes the key combination Ctrl-Enter as a command to insert a page
break.  (WordPerfect also treats the key combination this way.)  However,
when Word is launched by Outlook as an e-mail editor, Ctrl-Enter causes the
e-mail message to be sent--immediately, with no confirmation.

This behavior is documented on the File menu, where Send has the keyboard
accelerator label "Ctrl-Enter" right next to it.  Perhaps I should have RTFM
(Read The Fine Menu).  However, I don't think co-opting a key with a fairly
common editing function was an optimum user interface design decision.

The RISK?  Sending e-mail unintentionally, before it is completely edited,
can cause problems ranging from trivial (e.g., mild embarrassment at having
sent a message that wasn't done yet) to catastrophic (e.g., abrupt
unemployment as a result of having fired off an unedited missive to an
executive at one's company before one has cooled off).


Malepropylene Microdictus

<Stephen Speicher>
Thu, 19 Jun 1997 13:36:37 -0700 (PDT)
Whoever is the genius in the advertisement department at Microsoft, they
have done it this time. Anybody seen the IE ads on TV lately? The one with a
very effective choral music playing in the background?  Well, the background
music is the Confutatis Maledictis from Mozart's Requiem (Mass for the
dead).  And the words of the final blast of music which accompanies "Where
do you want to go today?" are saying "confutatis maledictis, flammis acribus
addictis..." which means "the damned and accused are convicted to flames of
hell"

Is this the right message for an ad?

Stephen Speicher, Internex Information Services

  [Depends on what you *really* think of your product?  PGN]


Re: Software Problems with new UK ATC Center (Ladkin, RISKS-19.18)

"Andres Zellweger" <zellwega@cts.db.erau.edu>
Tue, 17 Jun 97 13:30:02 -0500
Peter Ladkin, in his report on NERC (New En Route Centre) is absolutely
correct in pointing out the problem of "scaling up" is much more serious
than just fixing bugs.  To my knowledge, no one has yet been successful in
building a modern distributed ATC system that has scaled to the size needed
for NERC or one of the US En Route ATC Centers. In most cases, the problems
have come from the various mechanisms put in place for achieving high
availability and reliability.

As an aside, NERC, located in Swanick, is in a beautiful new building where
all of the controller work stations, with their 20x20 inch 2000 line
resolution color displays, have been installed for months.  Interestingly
enough, there is a lot of extra space because when the architects planned
the building they didn't realize that the powerful workstations would not
require the support of a large main frame computer with its own computer
room etc!

Dres Zellweger

  [Typo fixed in archive copy.  Back ref to 19.18.  PGN]


Old risks, new villains... when will they learn?

Quinn Yost <yost@pobox.com>
Wed, 25 Jun 1997 02:34:21 +0100
The story below is not one that will cause many of you to rush to lessen
its impact on you. Instead, it simply demonstrates how (despite our best
efforts and their best intentions) some companies just don't quite get our
concern.

The story begins a few months ago when I relocated to a new city.  In the
process of arranging utility type services the local phone company made
their standard offer of issuing a phone card.  Much to my delight, they
offered to send a card with just my name and not my access number printed on
it.

Two weeks later, the card arrives.  As I opened it, I was amused to see that
it had what appeared to be a generic number (knowing it wasn't the number I
had requested and appeared far too blatant) as my pin.  Weeks later when I
finally had a need to use it, I was somewhat surprised to hear the "The
account number - pin combination you have entered is incorrect" message.

After returning home, I promptly called the company and requested to have my
pin changed.  Which they happily did without asking for any identifying
information (I can only hope they used caller-id to make an assumption that
I was indeed who I claimed).  I also asked what the old pin was (assuming a
typo had been made or my memory was failing) and learned that the number
printed on my card was not some generic number, but instead the actual pin.

Again, two weeks later, the card arrives.  This time, not only does it have
my name and pin imprinted upon it, it also has instructions on how to
determine the unprinted portion of the access number.

The risks here I assume are obvious to us all.


7-Eleven Big Brother

"Mich Kabay [NCSA]" <Mich_Kabay@compuserve.com>
Wed, 25 Jun 1997 22:18:24 -0400
> 7-Eleven Operators Resist System To Monitor Managers
> By Norihiko Shirouzu and Jon Bigness
>  Staff Reporters of The Wall Street Journal (Dow Jones  16 Jun 1997)

> Your neighborhood 7-Eleven store may soon feature a new Japanese export: a
> draconian system that allows the company to monitor store managers' every
> keystroke.

Summary of the writers' key points:

* Japanese 7-11 franchise owners must use their point-of-sale (POS)
computers throughout the day to perform inventory analysis and track sales.

* The inventory and just-in-time (JIT) ordering system is crucial
to the Japanese operations management.

* Fresh food is delivered three times a day to each store in accordance
with local traffic.

* "Headquarters ranks stores by how often their operators use the
computer."

* Managers are under enormous pressure; one reported, "It's like being
under 24-hour surveillance; it's like being enslaved."

* Upper management argues that these strict demands and computer-based
monitoring are responsible for improving turnover of products from 100% per
25 days to 100% per 7 days.


M. E. Kabay, PhD, CISSP (Kirkland, QC) / Director of Education,
National Computer Security Association (Carlisle, PA) / http://www.ncsa.com


UK Government proposes ID numbers for 4-year-olds

Gary Barnes <gkb@aber.ac.uk>
Thu, 26 Jun 1997 10:54:54 +0100 (BST)
*The Times* today (26 Jun 1997) reports that the UK government plans to give
every child a national identification number at the age of four, to plot
pupils' progress through school.  The intention is to make the official
national league tables of schools a more accurate reflection of a school's
performance, by taking into account the fact that some schools take in more
clever pupils than others, which naturally reflects in the current figures.

According to *The Times*, David Hawker, the man responsible for developing
this new scheme gave the reassurance: "We are looking at setting up a
national pupil number. It is nothing to be frightened of because pupil
information is covered by the Data Protection Act."

I am not reassured by this, and neither is Andrew Puddephat, director of
civil rights pressure group Charter 88 who warned that this could be a step
towards a national identity card system. The Labour Government was opposed
to a national identity card scheme when it was in Opposition.

While this may seem to be more of a privacy issue than a computing RISKS
issue, the blind faith that David Hawker has that there is no need for
concern thanks to the Data Protection Act seems a bit misplaced, especially
when no mention is made of what technical measures might be used to assure
the security and integrity of the information stored about pupils.

Gary Barnes


Chip Theft by Home Invasion

David Kennedy <76702.3557@compuserve.com>
Thu, 26 Jun 1997 17:47:58 -0400
Courtesy of United Press International via CompuServe's Executive News
Service:

3 at large in home invasion robbery (UPI)

>   HACIENDA HEIGHTS, Calif., June 20 (UPI) -- Two men have been arrested
> and three others are at large after they allegedly held a family hostage
> while the father was forced to go to his business and turn over $800,000
> in computer chips.

> Police say five heavily armed men drove up to the Hacienda Heights home of
> the unidentified victim at about 10:30 p.m.  Thursday. When they got
> inside, they herded a woman, her 11-year-old son and 14-year-old daughter
> into one room, and forced the husband to drive to his business in the City
> of Industry.

o Someone called the police, SWAT shows up (special weapons and tactics
police unit specializing in high-risk police operations), after two hours,
2 gunmen surrender.

o Three who went with the business owner are at large.  They tied him up
in his business and left him there.

Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.


Re: Company blackmails Netscape for details of browser bug

Dorothy Denning <denning@cs.georgetown.edu>
Fri, 13 Jun 1997 14:42:29 -0400
I read the document at the cited URL and it says:

  "Cabocomm said it would accept "reasonable compensation" for the technical
  information -- or they can send a Netscape representative and get it for
  free."

That doesn't sound like blackmail to me.

Dorothy Denning

  [Apparently Netscape was able to get a copy of the script of the demo
  session and from that infer what the flaw was.  No money changed hands.  PGN]


Netscape vs. Cabocomm

Andy Waldis <awaldis@ic.net>
Mon, 16 Jun 1997 15:50:31 -0700 (PDT)
Regarding the finding of a defect in Netscape's browser by the Danish company
Cabocomm, I find it disturbing that so many reports use the terms "blackmail"
and "extortion" to describe Cabocomm's actions.  The use of these terms implies
that Cabocomm was obligated to report the defect it had found and should not
expect to be compensated for their trouble.  This suggests a risk of using
software that I had not been aware of: that we are obligated to report any
defects we find and have no right to expect compensation.  I guess I should be
reading those license agreements a little more carefully.

Cabocomm did not create the problem, Netscape did.  Cabocomm proposed a
solution which Netscape was free to accept or reject.  This wasn't a case of
blackmail, just good old-fashioned capitalism.  Regards,

Andy Waldis  awaldis@ic.net


"Secret Power" Claims to Expose Secret International Spying Networks

"Betty G.O'Hearn" <betty@infowar.com>
Thu, 26 Jun 1997 15:18:21 -0400
"Secret Power" by Nicki Hager
The International Spying Networks UKUSA and ECHELON
301pp ISBN: 0-908802-35-8

According to this remarkable book, that has somehow escaped the flames of
book banners crying "national security," the United States NSA and the
United Kingdom's GCHQ (Government Communications Headquarters) operate a
global spying network called UKUSA. To listen in on conversations across the
planet, a massive eavesdropping apparatus was built, with tentacles which
reach into dozens of different countries beyond the shores of either the US
or UK as well as across the skies.

Describing the nature of UKUSA, its global affiliations, and operations
represents a huge effort on the part of author Nicki Hager. He states early
on in 'Secret Power':

  "Many people are vaguely aware that a lot of spying occurs, maybe even on
  them, but how do we judge if it is ubiquitous or not a worry at all? Is
  someone listening every time we pick up the telephone? Are all of our
  Internet or fax messages being pored over continuously by shadowy figures
  somewhere in a windowless building?

  "What follows explains as precisely as possible - and for the first time
  in public - how the worldwide [spy] system works, just how immense and
  powerful it is and what it can and cannot do.

  "The global system has a highly secret codename: ECHELON."

And that is the foundation of a tremendous amount of research that describes
in detail how the vast global spying network "collects all the telephone
calls, faxes, telexes, Internet messages and other electronic communications
that its computers have been pre-programmed to select," and then analyzes
the contents and distributes it to members UKUSA and ECHELON partners
world-wide.

The operational details of how the US (NSA), UK (GCHQ), Canada (CSE),
Australia (DSD) and New Zealand (GCSB) intercepts signals, throws high power
computing behind ECHELON 'KeyWord' dictionary attacks and what they do with
that information is potentially alarming; especially since so much of this
decades old practice has been kept under the wraps of security.

Secret Power names the names, provides the dates and the technical details
on the world's largest, best financed and coordinated global spying
apparatus ever conceived. Full of pictures, maps and charts, the reader will
get a complete picture of just how much effort and resources go into
international security, long distance eavesdropping, and spying.

From the Cold War to today, UKUSA and ECHELON have been fascinating and
powerful intelligence functions to spy both on enemies and friends. "Secret
Power" provides the first peek inside the world's most secretive and
powerful electronic spy organization.

"Secret Power" reads like a thriller, except that it's true. It should be
read by everyone with an interest in intelligence, espionage and the
technology that modern spies use.

"An astonishing number of people have told him [author Nicki Hager] things
that I, as Prime Minister in charge of the intelligence services, was never
told...It is an outrage that I and other ministers were told so little."
        -David Lange, Prime Minister of New Zealand 1984-89

"...the most detailed and up to date account of the work of any signals
intelligence agency in existence. It is a masterpiece of investigative
reporting, and provides a wealth of information."
    -Jeffrey T. Richelson, leading authority on United States
intelligence agencies and author of America's Secret Eyes in the Sky, and
co-author of 'The Ties that Bind.'
