The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 4 Issue 92

Saturday, 30 May 1987

Contents

o Computer matching of cats and dachshunds
Rick Kuhn
o Electromagnetic Interference (EMI) & Liability
Richard S D'Ippolito
o Horror story about inadvertent wiretapping
Gordon Davisson
o ATM fraud
Bob Johnson
o Computer thefts
Mike Alexander
Brint Cooper
o Shooting Down Exocet Missiles
Mark S. Day
o Phalanx is unreliable?
Lorenzo Strigini
o Stark Incident
Eugene Miya
o Technical error in item "Phalanx Schmalanx"
Mark Brader
o Phalanx; Laser guides
Phil Ngai
o Laser guided anti-tank weapons
Eugene Miya
o Unfair testing
Paul Peters
o "Credentials", Privacy, etc.
Willis Ware
Alan R. Katz
o Info on RISKS (comp.risks)

Computer matching of cats and dachshunds

Kuhn <kuhn@ICST-SE>
Fri, 29 May 87 10:33:57 edt
Charles Osgood reported the following story on CBS Radio this morning:

Hundreds of cat owners in Chicago received a bill for five dollars
accompanied by a letter explaining that they were required to register
their dachshund.  Apparently the Cook county health department had
provided rabies shots for pets and kept a computerized list of animals
receiving shots.  Someone got the bright idea of matching this list against
the list of dogs licensed in Chicago to find dogs that received shots but
were not licensed.  Cats are not required to have licenses.

Unfortunately, the county uses the code "DHC" to represent "domestic house
cat", while the city of Chicago uses "DHC" to represent "dachshund",
resulting in computer generated form letters to the owners of the "DHCs".
After the mess was discovered, a city official said "I guess if we'd thought
about it, we would have wondered why there were so many dachshunds in Chicago."
(not an exact quote, I couldn't take notes when I heard the story.)

Rick Kuhn, National Bureau of Standards
                              [Perhaps some of us should keep tape recorders
                              in our cars, in the interests of accuracy... 
                              <Chicago is trying to rein cats and dogs?>  PGN]


Electromagnetic Interference (EMI) & Liability

<Richard.S.D'Ippolito@sei.cmu.edu>
Friday, 29 May 1987 12:16:34 EDT
    In RISKS 4.91 and some previous digests, some attention is drawn to
the problems of equipment malfunctioning due to EMI. I spent my early career
years designing electronic control equipment which was applied in very
(electrically) noisy environments, such as steel mills and forge shops.
The equipment was used to control the electrode gap spacing on various
types of melting and refining furnaces, such as electric arc furnaces 
operating at 400 volts and 30,000 amperes. The early designs contained mostly
analog circuits, which were supplemented by the then new digital technology.
In one of these environments, where RF was used to melt artificial ruby for
growing laser crystals, a Simpson VOM would read without the leads connected
and oscilloscope use was impossible. We now have a new generation of designers
without practical experience in analog circuits, noise filtering, and
shielding techniques, who don't think of voltages and currents, but only
of zeros and ones. While I agree with the FCCs EMR regulations, they attack
the problem only from one side. We must urge designers to submit the
equipment to operational tests under reasonably expected EMR fields, as
the cranes and even common static electricity can never be eliminated. And
those of us who use EPROMS shouldn't forget that light (even the flashlight
of an unsuspecting service man) and X-rays are EMR. We may soon find the 
government forcing certification at the emissions-receiving end. And the
liability laws are such that you could have a hard time defending the use
of a single PROM in a critical application if an erasure caused by cosmic
radiation caused an accident.

And some day, I know, just the right EMI will come along and cause everyone's
digital watch alarms to sound at once, thus deafening us all.

Richard S. D'Ippolito, PE, Software Engineering Institute, Carnegie Mellon
University, rsd@sei.cmu.edu. (412)-268-6752.


Horror story about inadvertent wiretapping

Gordon Davisson <gordon@june.cs.washington.edu>
Fri, 29 May 87 23:19:34 PDT
In RISKS DIGEST 4.91, Boebert@HI-MULTICS.ARPA (Earl Boebert) writes:
> From the Computer Shopper, May 1987: Password Snatcher -- RS-232 Data tap.

You don't need any special equipment to do this.  I once accidentally put an
extra null modem (a receive/transmit channel swapper) between the VAX and the
Macintosh I was using as a terminal.  This meant the Macintosh was listening to
a wire that wasn't being driven at the other end.  With a normal terminal, this
wouldn't have done anything interesting, but Macintoshes have unusually 
sensitive receivers, and there was enough crosstalk in ~150 ft of twisted pair 
cable for me to get a complete (error-free!) transcript of everything going 
through that cable.  This happened to include somebody's password...

(Just thought I'd give the security-conscious people out there one more
thing to worry about.)

Gordon Davisson  (gordon@june.cs.washington.edu) (uw-beaver!uw-june!gordon)
Computer Science Department, University of Washington.  Seattle, WA, 98195.


ATM fraud

Bob Johnson <U18323 at UICVM>
29 May 1987 09:48:55 CDT
In the past few days some of the Cash Station (*) ATMs in the Chicago area
have changed the format of the receipts they dish out.  The new style no
longer has the account number of the account used in the transaction.

The above was a statement, now I have a question.
Has anyone heard of the 'new' phone features 'Call blocking' and 'Call
tracing'?  Supposedly call blocking will not let your phone ring if call is
placed from a certain number ( number to be designated by you, from the
phone which you are at ) and call tracing traces a phone call after one
presses a certain key sequence ( on your phone ).  I've heard that these are
available in California and another area.  Is there truth in this?
                                                                     Bj
 * I'm sure this is a registered trademark for someone


Computer thefts (Risks 4.91)

<Mike_Alexander@um.cc.umich.edu>
Fri, 29 May 87 13:31:58 EDT
The Public Facilities people at the University of Michigan Computing Center
use the Macintosh Security kit mentioned in Risks 4.91 to protect Macs
installed in public areas.  They modified it to protect the mouse too, and
now they find that people steal the tracking ball out of the bottom of the
mouse.  Someone jokingly suggested epoxying it into the mouse, but so far
they haven't resorted to that.
                                            [Epoxy on both their mouses.  PGN]
                                            

Re: Computer thefts (re: RISKS-4.82)

Brint Cooper <abc@brl.arpa>
Fri, 29 May 87 10:10:21 EDT
Perhaps I missed it, but I haven't seen anyone mention the kits for under
$40, sold by 3rd parties, that permanently attach to two or three parts of
your computer and attach to one another by a tough steel cable that can be
passed through a radiator (here in the East), wrapped through a hole in
immovable furniture, or attached to something immobile.

We bought my son's at ComputerLand, but they're available all over by now.
_Brint


Shooting Down Exocet Missiles

Mark S. Day <MDAY@XX.LCS.MIT.EDU>
Fri 29 May 87 11:50:22-EDT
This morning's Boston Globe included an article on the Phalanx and Aegis
defense systems.  The analysis was that the Stark was out of luck, because
the Phalanx couldn't possibly have shot down the Exocet.  It was possible
that an Aegis system could have shot down the missile, but the article said
there had been only two even-close-to-meaningful tests and they weren't all
that impressive.  In the first, the Navy classified as "sea-skimming" any
missile that came in at an altitude of 100 feet or less above the waves.
This let them shoot down a missile at 100 feet, which is pretty irrelevant
when it comes to an Exocet at 10 feet.  The other test involved shooting down
an Exocet (at 10 feet above the waves) but with the Aegis system mounted on a
barge so that its radar was at approximately sea-level. The problem that both
tests successfully avoided was having to look down at the radar reflections 
off the wave tops.  The conclusion of the article was that in all likelihood 
the Aegis couldn't have distinguished an Exocet from the "sea clutter".
--Mark


lorenzo strigini <procis%ICNUCEVM.BITNET@wiscvm.wisc.edu>
FRIDAY 29 May 1987 10:45:57 SET
      (IEI - CNR;Via S.Maria 46;56100 Pisa;Italy)(Tel  +39 50 43023)
To:    <risks@csl.sri.com>
Subject: Phalanx is unreliable?

In RISKS 4.91 I read:
    ... the use of computers in this context for 
    automatic firing of the Phalanx is deemed unsafe ....

As I understand the situation, the problem in question is not
peculiar to computer technology: if you carry a handgun, you
do not keep it always ready to fire, except in the case you are
in a very dangerous situation, and then you accept much higher
risks of hurting somebody by accident. There is no such thing as
a safe weapon: one has always to decide which compromise between
security against enemies and safety from your own weapon is best
at the moment. The difference between Phalanx and revolvers is
not qualitative ("using Phalanx is unsafe").
Just for accuracy (and, I am not sure the previous poster had made
the mistake I thought I saw, but I thought saying this may be useful
anyway). Apart from this, discussing how good radars and computers
may be for telling friend from foe is certainly interesting.

Lorenzo Strigini


Stark Incident

Eugene Miya <eugene@ames-nas.arpa>
Fri, 29 May 87 11:31:17 PDT
I was on vacation when the Stark incident happened, and am just catching up.
Upon reading some accounts, I think inappropriate attention is being focused
on the Stark's defensive systems.  What concerns me more was the role of the
AWACS aircraft and the look-down radar it carries.  (I note American crews.)
It appears from accounts I have read that it was the maneuver of the plane
that gave away the launching of the missiles, not any radar returns from
the entire minute in missile flight.  I don't know the range, but it seems
the sea state was ideal for detecting low flying cruise missiles of this
type (easier than terrain), and should have given a full minute warning.
The failure of the USAF AWACS to report sooner might show flaws in the
integration of the C^3I of the region making "layered defense" a joke.  I
don't know the AWACS radar system (like frequency, range from target (The
F-1), etc.), and I hope that this aspect of the investigation is not lost to
Adm. Rogers.  I no longer work with radar.

The stuff on the net focusing on the lack of a "front" Phalanx
is probably a little misdirected.  These missiles come in from the side
(since the cross-section of a ship is larger and armored ships have less
side armor) and the system on the Stark is probably adequate for such
side protection.  If the Phalanx were in the front, and the missile
had hit more aft, there probably would have been outcry for protection
in the stern.  The readiness state was still the important thing in the end.

In the end, the title of the old WWII British movie sums up the role of
this type of ship: They Were Expendable.

--eugene miya
               [Thanks.  Once again, RISKS has had much speculation 
               on this subject.  We now have a lot of background with 
               which to understand the conclusions of the investigation,
               so let's slow down for a while.  PGN]


Technical error in item "Phalanx Schmalanx"

Mark Brader <msb@sq.com>
Fri, 29 May 87 23:49:31 EDT
Mike Trout writes:

> But the devastation caused by a dud
> missile was still severe enough to wreck or sink the ships hit.  Even
> without an exploding warhead, an anti-ship missile is a large, heavy object
> travelling at high speed carrying fuel tanks at least partially filled with
> various formulas of highly volatile rocket fuel.  The force of the missile
> mass times its velocity is transferred as heat to the ship, resulting in the
> possibility of a devastating fire--the greatest danger to modern warships.

In fact, of course, the amount of energy transferred to the ship is
proportional to the missile's mass times the SQUARE of its speed.  Knowing
only how big an Exocet is and how much a V-2 weighed, I'll guess the weight
of the Exocet at 1/3 that of a car.  According to Newsweek, it moves at 500
mph.  So imagine being hit by a car going at 50 mph.  The missile would
deliver over 30 times that much energy from impact alone!

Mark Brader, SoftQuad Inc., Toronto, utzoo!sq!msb


Phalanx (Re: RISKS-4.91); Laser guides (RISKS-4.90)

Phil Ngai <amdcad!phil@decwrl.DEC.COM>
Fri, 29 May 87 16:22:51 PDT
Unsafe does not imply unreliable. A loaded gun is unsafe to carry
around, but that does not mean it is unreliable in the sense of "will
it fire when I pull the trigger". The Phalanx shoots at anything that
it sees.  You wouldn't normally arm it unless you were in combat.

>From: "Jon A. Tankersley" <apctrc!zjat02@seismo.CSS.GOV>
>Seems to me that the laser guided technology is about the same as the wire
>guided technology of the Arab-Israeli War.  Wire guided TOW missles could
>be easily defeated by spraying the general direction of origin.  Many
>Israeli tanks ended the war with lots of wires draped over them.

That works if the laser designator is operated by the launch crew.  One of
the advantages of laser guidance is that the designator can be operated by a
separate crew in a location which the target has trouble figuring out. The
launch crew can run as soon as the missile is launched.

The FOG-M is also a major advance in this type of technology.

Phil Ngai, {ucbvax,decwrl,allegra}!amdcad!phil or amdcad!phil@decwrl.dec.com


Laser guided anti-tank weapons

Eugene Miya <eugene@ames-nas.arpa>
Fri, 29 May 87 11:38:50 PDT
Jon Tankersley compares wire-guided munitions to laser designated.  No, they
are a new-generation weapon.  The laser designator need not be located at
launch point and in fact it is preferable they be at different points.  His
suggestion of smart weapons is more scary for me, don't.

Just noted: Hammer's comment about Exocets not exploding.  Actually,
duds happen all the time.  There were several duds in the South Atlantic.
Actually probably makes disarming them easier.
                                                      --eugene


unfair testing

<PPeters@DOCKMASTER.ARPA>
Fri, 29 May 87 15:43 EDT
A discussion in RISKS 235 relating to the STARK incident and the "MIC" test
procedures stated "Drones...have been painted with gloss red enamel to
absorb more laser energy." The implication was that this is an unfair
advantage.  Unless these are heat seekers, I would think that the advantage
would be obtained by painting them to REFLECT more laser energy.


"Credentials", Privacy, etc. (Re: RISKS-4.91)

<willis@rand-unix.ARPA>
Fri, 29 May 87 09:55:06 PDT
As a member of the computer fraternity who who has been in the privacy area
for a long time (e.g., chaired the HEW Committee whose report led to the
Federal Privacy Act, member of the Privacy Protection Study Commission), I'd
like to offer $0.25 more on the subject of TRW's Credentials.  To me, this
is marketing of the obvious and of information that is largely useless for
most people.  I didn't see Forbes on the issue but it seems that it
expresses the same view.

In the course of various privacy activities, I've had occasion to talk in
depth with TRW Credit Data and see my own record -- one time for free and
another time for (I think) $7.50.  For anyone that is seriously thinking of
subscribing to Credentials, I'd urge that you invest the nominal amount
first and see how little is really in your record.  All of the good things
that you've done creditwise (e.g., regular mortgage payments for 30 years)
will not be there; if you've been too bad (e.g., declared bankruptcy) it will
be there.  Even then, bankruptcy records have a legal life of 7 years, at 
which point TRW is obligated to expunge the record.  Beyond that your record
will be mostly a listing of your credit card accounts together with a comment 
about outstanding balance or being current.  As I recall when I last looked,
my TRW credit file had about 6 entries in it although I held many more
plastic cards than that and had much other credit activity.  Your SSN may be
there, although TRW is not authorized under any law to solicit its collection.

So, take a test flight with your record before plunging into a $35 annual fee.

The things (as I recall the blurb) that Credentials offers is a regular copy
of your record and notification of whenever the record is consulted.  I believe
TRW does not offer to tell you when the record is updated on existing lines of 
credit.  Unless one is extraordinarily active in creating new credit accounts 
or in hunting new jobs, your record will not be consulted very often and so
you won't hear much.  Meanwhile for less than $10 a throw, you can get your
record once or twice a year directly -- if you're interested enough to want
to know that often.  If you want to know something about how your credit record
plays a role in activities that you may not suspect (e.g., investigations of
various kinds), one can get some insight for a year's subscription.

It isn't TRW that represents the really big risk to most people.  It's the
small local credit bureau tucked away on some side street, that is frequently 
manual or at least not extensively automated, and that often engages in
information collecting activities that can be a little less than ethical.  For
example, there is the instance of an individual being hired to poke through
a bank's trash in the dumpster; he was picking out "pieces of yellow paper"
which turned out to be unneeded copies of delinquency notices on various
individual bank accounts.  The local credit bureau was learning about
delinquencies before the account holders even knew it.  In this instance, it
was poor information security in the bank that created the risk to individuals.

But the Credentials offer does raise an interesting philosopical point for
the citizen.  In my own consideration of the privacy issue as it may
emerge in the future, I've about decided that each of us will largely have
to take of himself.  There will be some law and some protections, but the
risks of living and operating in a highly automated information society
will have to be offset by our own individual protective efforts.  We're
already being told that the patient will have to play a bigger role in
managing his personal medical care; so it's going to be more of the
same in privacy and perhaps elsewhere.

Give such a premise, the next question is: does one want to run open loop
or closed loop?  Does one want to monitor the flow of his automated data
as it swirls around?  Or just hopefully have things arranged so he knows
when negative or harmful events happen?  There are some people who want to
be proactive and will want to run closed loop; and for them, services like
Credentials can be helpful.  I suspect most people will opt for open loop,
simply because of the burden of watching all the reporting; BUT at the
same time, we will all expect mechanisms to trigger negative events to our
attention.  Thus, the present Fair Credit Reporting Act requirements of
providing a copy of the credit report which reputedly is behind a negative
credit action is both appropriate and useful.

But, the initiative still is with the individual; there is nothing
automatic about the law's protection against risk.  As I recall the law,
the organization that makes a negative credit decision is required to tell
the individual where it got credit reports that entered into the decision.
The individual must then contact such places and request the credit
reports.  I'm not sure that Forbes is correct about providing free copies;
I suspect that the only legal obligation is to make the credit record
available for perusal at a specified place of business and during
specified business hours.  But then the FCRA was ammended I think, and
free copies may indeed be a legal obligation.  I think that the
individual must bear the cost of any reproductions.

On the other hand, I can understanding TRW choosing to send a copy as a
business convenience.  Among other things, it will avoid having people turn
up [at] the front door of an installation whose physical location TRW
properly wants to keep secret as an aspect of good system security.

    Willis H. Ware, Rand Corporation, Santa Monica, CA


TRW's Credentials

Alan R. Katz <KATZ@venera.isi.edu>
Fri 29 May 87 14:26:22-PDT
I have been a member of this for over a year and am pretty satisfied with it.

Advantages:

1.  The biggest is that you get notified automatically if ANYONE accesses
    your credit history.  This alone is worth the $35/year to me 
    (it may not be to you).

2.  Free copy of your credit report whenever you want.  It is true
    you can get a free copy whenever you are turned down for credit
    (sometimes a big hassle though).  However, the NOMINAL charge
    for a copy otherwise is $8.00.  This can add up if you get more
    than one a year.

3.  "Standard" forms for disputing and correcting information (a little
    easier than writing letters).  Also, since you are a paying 
    customer, you get a little better service.

4.  Credit card registration and protection service 
    (generally costs about $12/year elsewhere).

Disadvantages:

1.  If YOU WANT (not required), you can tell them income and asset
    information which they keep on file along with your credit history.
    Then, theoretically, you can apply for a loan or other credit just
    by giving your TRW Credentials number and not having to fill
    out long applications every time.  In practice, I have not
    found anyone who will do this  (yet) (except for some car dealer whose
    ad was sent as a part of the TRW Credentials package!).

2.  $35 / year 

All in all, it's worth it if you want to know when someone accesses your 
credit history (which they are NEVER supposed to do unless you authorize
it) or if you want to get more than one or two credit reports a year.  

                Alan (Katz@ISI.Edu)

Please report problems with the web pages to the maintainer

Top