The RISKS Digest
Volume 5 Issue 48

Friday, 23rd October 1987

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Computer Weather Forecasting
Jonathan Bowen
Robert Stroud
o Phone Service Degradation — and 911
Scot Wilcoxon
o Terrorism
Charles Shub
William Swan
Elliott Frank
o More on password security — clean up your act
Jeremy Cook via McCullough
o Consumer Protection Act
Richard S. D'Ippolito
o Re: UNIX Passwords
Russ Housley
Richard Outerbridge
o Use of Social Security Numbers
James Peterson
o Info on RISKS (comp.risks)

Freak winds in southern England

Fri, 23 Oct 87 18:06:00 BST
From front page of "Computer News", 22 October:

  ``The Metorological Office will look at the performance of its Control Data
  Cyber 205 supercomputer as part of its investigation following last week's
  hurricane-force winds.  The office has been criticised for failing to
  predict the speed and path of the storm.

   A spokesman for the Metorological Office said that the equipment,
  including computers, was always under consideration. He added: "The
  Cyber is not an easy machine to work with but all computers are
  fallible." Control Data did not comment.

   The Reading-based [southern England] European Centre for Medium Range
  Weather Forecasting, which supplies longer range data directly to the
  Bracknell centre [Met Office, close by], is happy with its Cray X-MP 48
  machine. "We originally had a Cray-1 before upgrading to an MP 22 and MP 48
  and we are exceedingly happy with our machine.  "It gets better and better,"
  said a spokesman.''

My understanding is the main reasons for lack of success in predicting
the winds were a) lack of data (the storm came from over the sea --
fairly normal in Britain! — where there are few weather stations) and
b) lack of computing power (and lack of good algorithms?).

It has been reported in Britain that (mainland) Europeans were warned
not to come to Britain up to 36 hours before the storm (presumably by
forecasts from the European Centre mentioned above). It was not made
clear as to whether storms were predicted in the English Channel or
actually in England. The storm unexpectedly changed direction and
increased in ferocity when it struck England.

The BBC TV weather forecast (which uses the Met Office) the night
before mentioned than someone had rung up to say they had heard a
hurricane was heading in our direction, but the weather forecaster
assured us it was not. The storm WAS predicted by the Met Office a few
hours before it struck, but most people were in bed by this time.
England being rather parochial, most radio and TV stations shut up shop
at night. Had it occurred during the day, then storm warnings would
have been broadcasted.

Jonathan Bowen, Programming Research Group, Oxford University

Computer Weather Forecasting

Robert Stroud <>
Fri, 23 Oct 87 15:11:56 +0100
The following letter was published in The Independent on Wednesday 21 October.
It comes from Norman Lynagh who is the managing director of Noble Denton
Weather Services. I have no idea whether he is offically associated with
the Meteorological Office but his letter seems to be a clear and accurate
statement of what went wrong with the forecasting of last weeks gales.
It also contains some interesting insights into the state-of-the-art
in weather forecasting. The bottom-line seems to be the familiar GIGO.

Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne
ARPA   UUCP ..!ukc!cheviot!robert

             *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  

Reproduced without permission from The Independent, Wednesday 21 Oct 87, p. 19
Copyright (c) Newspaper Publishing PLC 1987

Dear Sir,

The Met Office has come under a great deal of criticism as a result of its
failure to predict the severe storm in SE England last Friday morning. Some
of what has been said is accurate but a great deal has been unfair criticism.

Despite what has been said by many people, it was not until about 8pm that
it was really apparent that something out of the ordinary was developing.
Even at that stage it was not at all certain that exceptionally strong winds
would hit SE England. It was only an increasing threat. By about 11pm it was
certain that a storm of unusual severity would hit the SE.

There have been reports from various sources that warning had been given
by other meteorological services several days before the event. This is only
half true and, in any case, the Met Office was one organisation which did
give such a warning.

Several of the most powerful meteorological computers, including those at the
Met Office in Bracknell and the European Centre for Medium Range Weather
Forecasting at Reading, predicted five days in advance that there would be
a major storm somewhere in the region of southern England or northern France
towards the weekend. In broadscale terms, this prediction continued each day
after that, but the state-of-the-art in weather forecasting is such that it
was impossible to predict in any detail either the severity of the storm
or precisely when it would strike.

The depression which caused the storm had existed for several days before
it struck in SE England. Indeed, it was giving force 11 winds NE of the Azores
two to three days earlier. However, during last Thursday, as it moved quickly
NE into the Bay of Biscay, the structure of the depression was far from clear.
As Murphy's Law always seems to dictate in such situations, there were very
few observations available in the vicinity of the depression and it was very
uncertain as to what was exactly happening in Biscay.

As mentioned earlier, it was not until Thursday evening that the situation
became clear and it became obvious that the SE was going to have a night
to remember.

Meteorology now uses the most powerful non-military computers in existence
but the advances in the quality and quantity of input data have not kept up
with the computer technology. No matter how good the computer and the software,
it will not do a very good job if it is given inaccurate input data.

Summarising all the above, I do not think the Met office can be blamed for
failing to give a day or two's warning of a once-in-a-lifetime event.

The state-of-the-art of weather forecasting is such that the way this storm
developed and the precise detail of its effects could not be forecast more
than a few hours in advance.

What is more open to close scrutiny is why warnings to the public were not
issued until after midnight. I think they could well have been issued three
or four hours earlier but that is with the benefit of hindsight and it is
really a question which only the Met Office can answer.

Yours sincerely,

Norman Lynagh, Managing director, Noble Denton Weather Services, London EC1

Phone Service Degradation — and 911

Scot Wilcoxon <umn-cs!sewilco@datapg.MN.ORG>
23 Oct 87 09:30:00 CDT (Fri)
As reported in RISKS 5.46, on October 17th the sale of World Series tickets
in Minneapolis, Minnesota, severely affected telephone service throughout the
upper midwest.  NW Bell estimates about 200,000 calls were attempted to the
sale number in the first hour, and a similar load continued for hours.

Most telephones in the Twin Cities area had delays (with clicking noises) until
a dial tone eventually appeared (20-40 seconds on one of my phones and I
stopped measuring at 2 minutes on the other).  Phone service was slowed
throughout the state and in parts of Iowa, Wisconsin, North and South Dakota.  
Some incoming long-distance callers to other numbers report no problems.

At the customer's request, before the sale Northwestern Bell had set up a
temporary choke-type network to restrict the number of calls to the prefix and
number from central offices in the area.  Despite the restrictions, the sheer
volume of calls overwhelmed the network.  A NW Bell spokesman says the problem
was probably exasperated by customers with automatic redial.  Fortunately the
sale was not scheduled for a business day.

There were interesting differences between this situation and those caused by
broadcast prize giveaways.  The first was the large quantity of tickets that
stretched the demand over several hours, even after the sellout at 11:30 AM.
The Minneapolis-St. Paul toll-free calling area is one of the world's largest, 
but since every successful caller would get rewarded by being able to buy 
these prized tickets there were many incoming long-distance call attempts.

Iowa might have had an interesting situation if St. Louis had attempted the
same thing at the same time from the south — a possibility due to the limited
time to sell the tickets.

Phone calls for UUCP sites generally failed, since most modems and systems can
not detect dial tone.  UUCP logs showed 80-85% failure rates during that time.
Fortunately, most USENET news transfers in the state are scheduled for times
other than the period affected so there was not a large backlog of data trying
to flow through most sites.

I will be suggesting to the Minnesota Public Utilities Commission that they
try to have 911 protected from this kind of problem.  I think the way to reduce
giving a delayed dial tone to everyone is to try to give greater delays to
people trying to dial a number causing an overload.  Preferably also give
even greater delays to repeat callers or autodialers.  Presently the local
carrier is required to give equal service to everyone, even if that means
giving equally bad service.

Scot E. Wilcoxon    sewilco@DataPg.MN.ORG   {ems,meccts}!datapg!sewilco
Data Progress       Minneapolis, MN, USA    +1 612-825-2607


Charles Shub <cdash@boulder.Colorado.EDU>
Thu, 22 Oct 87 22:07:06 MDT
>From: Graeme Hirst <>  (RISKS-5.47)
>In RISKS-5.44, Scott Dorsey ( writes: ...
<>Have there been any cases of terrorist or political attacks on comp centers?

Along about 1970 (around the time of Kent State) there was a bombing at the
comp center (and a megabuck fire at the student union) at the University of
Kansas. I was on my way to the comp center from my office when the bomb went
off, and had it not been for some fortuitous circumstances that delayed me
that evening, would have been at a terminal about 15 feet from the explosion
when it happened. The computer operators suffered some minor injuries and some
permanent hearing losses. Our terminal server was a Datanet 30. The explosion
blew the doors off it, but it was still running until the machine was shut
down. I could probably tell some war stories about the incident, but this
digest is not the proper place for that. If anybody is interested, I'll provide
more details on the haziness of my recollections privately.

cdash   aka    aka ...hao!boulder!cdash
    aka ...nbires!boulder!cdash       aka  (303) 593-3492

Terrorism (Re: RISKS-5.45)

WIlliam Swan <uw-beaver!tikal!sigma!bill@RUTGERS.EDU>
Wed, 21 Oct 87 11:10:20 pdt
The computer center at U.C. Santa Barbara was taken over by protesters in
the spring of '75. Although the computer room was secured behind locked 
doors it was easy for them to get control - several demonstrators merely
lounged in the hall outside until an operator came, then when she unlocked
the door to go in one grabbed her and held the door open for the rest.

One operator inside shut the machine down immediately. Then the protesters
ushered (all?) the operators out, and took over the entire building - taping
printouts over all the windows and doors. They threatened to destroy the
computer if their demands (more money for radical leftist groups) weren't met.

The place was held for several hours (interesting sight: small group of
demonstrators just outside the building, group of angry EECS students around
*them*) before the police moved in and hauled the demonstrators away. (Another
interesting sight: the leaders of the demonstration, very visible throughout
the takeover, managed to vanish just before the police reached the building,
leaving the rest to be taken away in the paddy-wagons.)

The machine was not damaged.

Bill Swan   sigma!bill


Elliott S. Frank <>
23 Oct 87 18:21:36 GMT
In RISKS-5.45, Brent Chapman (koala! writes:

>Have there been any cases of terrorist or political attacks on comp centers?

During the student riots at Columbia (April, '68), the computer center
lobby was briefly 'occupied'.  The operators prevented access to the
machine room, and the center was then closed and locked for the duration
of the disturbance.  The occupiers (who included physics grad students
and others familiar with the computer center and its operation) were
 aware that the university's corporate data processing was done on a
separate system; that having the administration shut down the computer
center was as effective and as disruptive to the routines of the
university as shutting it down themselves; and, that due to the pricetags
of the equipment involved (several million $$), the administrators might
act 'irrationally' to protect the equipment.

Elliott Frank      ...!{hplabs,ames,sun}!amdahl!esf00     (408) 746-6384
               or ....!{bnrmtv,drivax,hoptoad}!amdahl!esf00

[the above opinions are strictly mine, if anyone's.]

More on password security — clean up your act

Fri, 23 Oct 87 9:50:09 PDT
  from SUN-SPOTS DIGEST Volume 5 : Issue 53

  Date:    Wed, 14 Oct 87 10:10:38 NOR
  From:    Jeremy Cook <>
  Subject: Backup procedure

  Our systems guy (Tom) came up last Monday evening to backup our Sun.  He
  was new to the job however and didn't know the root password.  He phoned
  Ingolf, but Ingolf didn't know it either so Ingolf, who was meeting Kikki
  in town, asked Kikki.  Kikki phoned in to Tom but the switchboard was
  closed so the cleaning lady answered.  Kikki told the cleaning lady the
  root password, the cleaning lady went down to Tom and told him and Tom
  came up to do the backup!
                                            — Jeremy

Consumer Protection Act

Thursday, 22 October 1987 13:24:34 EDT
In RISKS 5.46, there is a discussion by Jonathan Bowen about this Act which
states that only a "casual" link is required to be shown between the
software product and the injury. I would hope that the correct word is

Re: UNIX Passwords

23 Oct 87 07:48:57 PDT (Friday)
In RISKS 5.45, Dave Curry explains the process that is used in UNIX to get
from a password to an encrypted password.  There are other systems that use
similar schemes.  For example, Multics also uses the low-order seven bits of
each character in the ASCII password as input to a cipher routine.  Multics
uses these bits as both the key and the data.

Dave claims that the truncation of the password to eight characters is not
serious.  I agree — if the user knows that only the first eight characters
are really being used.  When a user enters more that eight characters for
the password, UNIX should provide a warning that only the first eight are
used.  Multics provides such a warning.

Is the "modified DES" used by UNIX a one-way hash? 

Russ Housley, Xerox Special Information Systems, Vista Laboratory

Re: UNIX Passwords

Richard Outerbridge <>
Thu, 22 Oct 87 00:16:39 EDT
The eight-character limit may have been designed in, but direct mapping
into DES keys is no feature.  The average entropy of English is about one
bit per letter over blocks of eight or more letters; so rather than 56 bits
of equivocation the routine assuredly provides eight.  Hashing long strings
together using CBC or CFB message authentication techniques yields eight
byte hex strings in which every last trace of equivocation is present in
a 'random' looking pattern.  Time for a change of password routines.

Use of Social Security Numbers

James Peterson <peterson@MCC.COM>
Thu, 22 Oct 87 21:41:35 CDT
We know that the new tax law requires a Social Security number for each
dependent age 5 or older (if you want to list them as a deduction).  Our
school district is doing its part to make this easier for parents (and
themselves).  They are required "to identify students with either a
Social Security number or an assigned number."  Since many kids may not
have an SS number, they have sent home a form to fill out to apply for
a number.  The school will provide copies of their (the school's) records
to SS as part of the application for SS, and the SS cards will be
distributed through the school.

Of course, the form (that HAS to be returned) includes six options
including (1) My child already has a social security number of ___ __ ____
(2) We have already applied; I will notify the school of the number
when it arrives, (3) ...

There is no option for (7) My child has one and it is not to be used to
identify school records.

Please report problems with the web pages to the maintainer