Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 4: Issue 88
Thursday, 21 May 1987
Contents
Re: Phalanx - Phil Ngai
Open meeting laws - Dave Parnas
Concerning UN*X (in)security - Mike Carlton
Ed Joyce, Software Bugs: A Matter of Life and Liability - Eugene Miya
Risks and system pre-login banners - PGN
Risks of Running RISKS, Cont'd. - PGN
Info on RISKS (comp.risks)
Re: Phalanx
Phil Ngai <amdcad!phil@decwrl.DEC.COM>
Thu, 21 May 87 09:53:45 PDT
The Phalanx is just a radar controlled machine gun which fires 3000
(20 mm? nearly one inch in diameter) depleted uranium slugs per minute
at anything which moves. Would you keep it on all the time? No one
(but you) said it wasn't reliable.
What does appear to be wrong is that there was only one, to cover the
stern of the ship. The bow was not protected by a Phalanx system and
that is where the (two?) Exocet missiles hit.
Then again, we should realize that frigates such as this one are intended
mostly for anti-submarine/mine work; although it did have surface to air
missiles which could have been used to take out the aircraft which fired the
Exocets, frigates are not really expected to provide their own air defense.
And this one was operating under the assumption that Iraq aircraft were
friendly, so it did not shoot down the aircraft when it could have.
[Perhaps the object was to shoot down the missiles? Was
that the Star Wars analogy to which Chuck was referring?
Also, there was a report that there might have been TWO
planes. (One missile landed undetonated amidship!) PGN]
Open meeting laws (RISKS 4.87)
<parnas%QUCIS.BITNET@wiscvm.wisc.edu>
Thu, 21 May 87 07:12:23 EDT
Do open meeting laws prevent public representatives from conversing in a bar
or a park or at a theatre? Do they prevent telephone calls? If not, why
should they prevent electronic mail conversations?
Dave
[Even my home town of Palo Alto is going through the pains of trying
to make sense of the legal and common-sense implications... PGN]
Concerning UN*X (in)security
Mike Carlton <carlton@ji.Berkeley.EDU>
Thu, 21 May 87 13:41:45 PDT
I think that most people would agree that UN*X is not a secure system, nor is it intended to be. However, a judicious choice of password can discourage amateur or half-hearted attacks on your account. Several methods have been proposed for choosing hard to break passwords; my favorite is simply to use the first letter of each word of some phrase, e.g., 'The rain in Spain falls mainly in the plain' becomes TriSfmitp. This has the advantages that it is not likely to appear in any dictionary, it is very mnemonic and if the password is long enough and rich enough in case, it will stand up to a sustained exhaustive search.

There is another risk that I haven't seen mentioned: the use of .rhosts files (at least it's a risk in the BSD world, I've never been in the System V world). Around here, quite a few people have .rhosts entries for several machines, often including at least one Sun. Couple this with the fact that, given physical access, anyone can become root on a Sun and you've got widespread vulnerability without the need for any password attack.

Mike Carlton (carlton@ji.Berkeley.EDU), CS Gradual student
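An added example (not part of the post above or of the digest): a small audit that follows .rhosts trust entries to list which accounts can be reached without a password once one trusted machine is physically accessible, including accounts reached through a chain of entries. The host names, user names, file contents and function names are constructed for illustration, and the set of physically accessible hosts is an input the auditor supplies.

```python
# Added example; hosts, users and .rhosts contents below are constructed.

def parse_rhosts(text):
    """Parse .rhosts text into (host, user) pairs; user is None when omitted."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # blank or comment line
            continue
        entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries

def passwordless_exposure(rhosts_files, exposed_hosts):
    """Map each account reachable without a password to the entry exposing it.

    rhosts_files:  {(host, user): .rhosts text for that account}
    exposed_hosts: hosts where someone else can act as any user (assumption:
                   the auditor knows which machines are physically accessible)
    """
    exposed = set(exposed_hosts)
    trust = {acct: parse_rhosts(text) for acct, text in rhosts_files.items()}
    reached = {}
    changed = True
    while changed:  # repeat until stable so chained trust is followed
        changed = False
        for (host, user), entries in trust.items():
            if (host, user) in reached or host in exposed:
                continue
            for rhost, ruser in entries:
                ruser = ruser or user  # omitted user means the same login name
                if rhost in exposed or (rhost == "+" and exposed):
                    hit = True  # "+" is the any-host wildcard
                elif ruser == "+":
                    hit = any(h == rhost for h, _ in reached)
                else:
                    hit = (rhost, ruser) in reached
                if hit:
                    reached[(host, user)] = f"{rhost} {ruser}"
                    changed = True
                    break
    return reached

SAMPLE = {  # constructed: sun1 is the workstation anyone can walk up to
    ("vax1", "alice"): "sun1\nvax2\n",
    ("vax2", "bob"): "# trusts alice's account\nvax1 alice\n",
    ("vax3", "carol"): "vax4\n",
    ("vax4", "dave"): "",
    ("vax5", "erin"): "+\n",
}
```

Calling `passwordless_exposure(SAMPLE, {"sun1"})` reports alice, bob and erin; bob never listed sun1, and is exposed only because his file trusts alice's account.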
Ed Joyce, Software Bugs: A Matter of Life and Liability
Eugene Miya <eugene@ames-pioneer.arpa>
Thu, 21 May 87 13:47:06 pdt
Ed Joyce, Software Bugs: A Matter of Life and Liability, Datamation 33 10,
15 May 1987, pp. 88-92 [Keywords: Malfunction 54, Therac 25, dosimetry,
radiation therapy].
--eugene miya
Risks and system pre-login banners
Peter G. Neumann <Neumann@CSL.SRI.COM>
Thu 21 May 87 20:19:10-PDT
RISKS recently ran an item about the lawsuit that was thrown out because a user had been greeted with "Welcome to the system". The following banner is given by a net-accessible system (which might as well remain nameless), and provides a nice example of the other end of the spectrum.

WARNING ** WARNING ** WARNING ** WARNING ** WARNING ** WARNING
UNAUTHORIZED ACCESS TO THIS UNITED STATES GOVERNMENT COMPUTER SYSTEM
AND OR SOFTWARE IS PROHIBITED BY PUBLIC LAW 98-473.
PUNISHMENT FOR OFFENSE CAN BE UP TO $100,000 FINE OR UP TO 20 YEARS
IN PRISON OR BOTH.
REPORT UNAUTHORIZED USE OR ACCESS TO THE SYSTEM SECURITY OFFICER.
WARNING ** WARNING ** WARNING ** WARNING ** WARNING ** WARNING
Waiting mail (msg.a000284) [Risks of Running RISKS, Cont'd.]
ALMSA-1 Memo Service 750 (MMDF 4/84) <mmdf@ALMSA-1.ARPA>
Thu, 21 May 87 12:31:45 CDT
[As I have noted previously, in a list as large as RISKS there is
an awesome volume of mailer barf messages. I do try to be patient,
but sometimes it becomes overbearing. The implied threat here --
to keep retrying and send me notifications -- is horrendous! PGN]
                                                                   |
    After 14 days (326 hours), your message has not yet been       |
    fully delivered. Attempts to deliver the message will continue |
    for 178956963 more days. No further action is required by you. V
       [********* = = = = = = = = = = = = = = = = = = = = = = = = = = = = = !!!!!]
Delivery attempts are still pending for the following address(es):
wmartin@almsa-2 (host: almsa-2) (queue: almsab)
Problems usually are due to service interruptions at the receiving
machine. Less often, they are caused by the communication system.
