The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 2 Issue 34

Thursday, 27 Mar 1986


o RSO's and IIP's - Martin Moore's response
Henry Spencer
o Range Safety: a final word
Martin Moore
o Someone really sophisticated, with a Ph.D...
Nigel Roberts
Keith F. Lynch
o Info on RISKS (comp.risks)

Re: RSO's and IIP's - Martin Moore's response

Wed, 26 Mar 86 20:45:04 EST
> Now, to answer your question, missiles launched at the Cape NEVER fly over
> land intentionally except at the very first seconds (unavoidable) or during a
> shuttle landing...  This is why the launch facility at Vandenberg was built;
> shuttles cannot be launched into polar orbits from the Cape because there is
> land both due north and due south...

As an example of how bureaucratic priorities can sometimes override known
safety considerations, it is worth noting that the Office of Mismanagement
and Bean-counting did suggest saving the cost of the Vandenberg shuttle
facility by launching north from KSC.  This idea was a non-starter for about
five different reasons, range safety not least.  It's amazing that it was
ever suggested, but it was -- quite seriously.

                Henry Spencer @ U of Toronto Zoology

Range Safety: a final word

"MARTIN J. MOORE" <mooremj@eglin-vax>
0 0 00:00:00 CDT
Apparently I confused a few people judging by the mail I've gotten...what I
said about missiles launched at the Cape not flying over land applies ONLY TO
MISSILES IN THE LAUNCH PHASE.  Obviously, satellites in orbit pass over a
large part of the Earth's surface.  And as another contributor pointed out,
some test ranges routinely fly missiles over land; I was talking only about
the Cape, which does not.

I think this discussion is reaching the point of diminishing returns from the
RISKS viewpoint.  I will continue to answer detailed questions by personal
mail, but let's move them out of RISKS.

                    /mjm                [PGN concurs.]

Someone really sophisticated, with a Ph.D...

Monday, 24 Mar 1986 05:26:49-PST
  ----------reply to mail dated 24-MAR-1986 06:19 [RISKS-2.33]-----------

  >     ''It is possible to break into a system if all physical and software
  > security measures are ignored,'' Armstrong said.
  >     ''But it would take someone really sophisticated, with a Ph.D. in math
  > or computer science.''

Since when does a Ph.D in math, or even one in Computer Science, teach you
how to be a hacker (either kind)?

Most of the "Computer Burglars" I have come across were entirely self-taught.

       [I presume that is why Geoff titled it the way he did.  It is guys
        such as Armstrong who are headstrong -- except that their heads are
        in the sand.  They really believe it takes sophistication.  Readers
        of RISKS supposedly know better, although I have tried to be fairly
        gentle in exposing gross security flaws in existing systems.  PGN]

Someone really sophisticated, with a Ph.D...

"Keith F. Lynch" <KFL@AI.AI.MIT.EDU>
Mon, 24 Mar 86 22:06:43 EST
  There was a story on the front page of the Washington Post on February
20th headlined "Maryland Computer Whiz Kid Faces Seven Theft Charges" and
subsubtitled "Credit Card Numbers Shared Electronically".  It described a 15
year old who got credit card numbers off a pirate CBBS and ordered computer
equipment over the phone to be sent to a vacant house.  Other than this, the
"whiz kid" did nothing at all remotely exceptional.
  It looks to me like the wave of computer hysteria still hasn't passed.
One of our Senators here in Virginia is introducing a bill to allow
unlimited government snooping into personal computer files on the grounds
that there might be data on child molestation (!) on the floppies.  Seems to
be an equally good case could be made on those grounds for warrantless
searches of personal papers, and any other violations of the Bill of Rights
I can think of.
  Computer security is the responsibility of system managers.  There is a
growing trend toward making microcomputers, often with no security systems
at all, available over phone lines.  Unknown phone numbers are NOT good
security.  Lots of kids dial numbers randomly searching for modem carriers.
  And there can be NO excuse for not having important data backed up.
To make frequent backups should be the first thing anyone learns about
computers.  And being able to easily and frequently save state is one
of the most important things any program should do.

Please report problems with the web pages to the maintainer