The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 10

Wednesday 18 January 1989


o Speak nicely to your air hostess - or be blacklisted...
o (Too) Intelligent Network News mailing
Ralph A. Shaw
o Information protection in Europe
Steve Bellovin
o Re: Losing systems — and Structured Programming
Henry Spencer
Lynn R Grant
Steven C. Den Beste
o Re: Ground proximity warning
Henry Spencer
o WORM storage and archival records
o Re: 3 vs. 2 engined airplanes
Steve Jay
o Re: Hackers break open US bank networks
Jan Wolitzky
o Evidence
Bill Murray
o Info on RISKS (comp.risks)

Speak nicely to your air hostess - or be blacklisted...

Mon, 16 JAN 89 17:47:27 GMT
From "Computing", January 12, 1989.

  US airline TWA is under investigation by the Data Protection Registrar
after a passenger saw abusive information on a computer screen,
describing him as "obnoxious".

  London-based systems engineer David Burns saw the screen when he
inquired about some lost luggage on returning to Los Angeles airport
from Hawaii in October.  He asked for a screen print and found it
contained details of all the comments he had made to TWA staff
including 'Pax (passenger) said do something constructive', 'Pax hung
up phone', 'Pax obnoxious'.  He said most of the details were not
entirely accurate.

  Burns wrote to the Data Protection Registrar after being given
conflicting information by TWA about whether the records were deleted when
the lost baggage was eventually found, or were kept for reference.

  John Lamidey, the assistant data protection registrar in charge
of investigations, said Burns' complaints are 'enough for me to
think we should look at it further'. He appointed an investigator to
visit TWA and expects to report back this month.

  Burns said that, after returning from holiday and eventually recovering
the lost suitcase from another airline, he rang TWA Baggage Services
in London to see if the luggage was still recorded as missing. He was
told it was.

  Three people, including the head of passenger service, told him
the report which contained his details could not be given to him as
it was not company policy, even though the data was kept on the
system for three months.

  He then requested the information under the Data Protection Act.

[[which gives those in the UK the right to see information held on computers
about them, with certain exceptions dictated by national security, etc.]]

  Brian Johnson, manager of personnel and administration for TWA in
the UK, wrote back to say 'no material is held by TWA by way of
magnetic media which contains your name.'  A TWA official said
the data had been deleted.

(Too) Intelligent Network News mailing

Ralph A. Shaw <ras@rayssd.RAY.COM>
Fri, 13 Jan 89 12:55:07 est
Something I got in the mail today sounded more Orwellian than I liked, so I
thought I would pass it along.  It was part of a subscription recruitment
mailing from Intelligent Network News of Alexandria, Va.  (Any security-minded
Intelligence organizations based in Alexandria you can think of? :?)

>"Intelligent networks will dominate our industry's future and force every
>company to rethink the way they do business.
>For example:
>    Someday the public switched telephone network might track you
>down in New York to tell you, "There's a leak in the basement of your
>house in Denver.  The plumber has already been called.  He's reviewed
>the service history of your address, and thinks that it's probably
>time to replace the blow-out valve on your water heater. Please respond."
>The repair could be complete, further damage avoided, and the bill
>paid by the time you return home, all thanks to nationwide intelligent
>network services.
>      .....
>Clearly, this evolution will create money-making opportunities for
>those with the will and wits to recognize them.

Yes, just what I'm afraid of...
Ralph Shaw  Raytheon Co. (SSD)

Information protection in Europe

Tue, 17 Jan 89 22:53:51 EST
The October '88 issue of Cryptologia has an interesting article entitled
``European Needs and Attitudes Towards Information Security''.  The
author (a founder of a firm that devises cryptographic algorithms, and
hence not an unbiased source) claims that the free market is driving
banks and other financial institutions towards better protection of
their data; he asserts that banks have suffered a loss of business
when their inability to keep data confidential has been demonstrated.

Of particular interest to this audience is his description of the (perceived)
threats in Europe.

    Europeans do not particularly need protection against
    ``hackers'' or petty criminals.  They need protection against
    organized crime, major corporations and governments.  Such
    opponents are characterized by the presence of serious
    motivation (and therefore the willingness to expend significant
    sums to attack a system), access to substantial resources, and
    the possession or ability to purchase whatever technological
    expertise is required.

He then goes on to relate three actual attacks.  In the first, organized
crime invested $5,000,000 up front in technical preparations; the gain
(actual or potential isn't clear from the article) is estimated to be
100 times that.  The second involves a government spying on bank data in
another country; he implies, though does not state, that it was the U.S.
government that did the spying.  Apparently, the bank suffered serious
loss of business when its vulnerability became known.  Finally, he
describes the plight of ``extractive industries'', whose competitors,
both private and state-owned, regularly mount sophisticated electronic
spying operations against them.

If the claims are accurate, the difference in attitudes is fascinating.

        --Steve Bellovin

Re: Losing systems — and Structured Programming

Wed, 18 Jan 89 00:19:21 EST
It is worth remembering that the original meaning of "structured programming"
followed the English usage in which "structured" means, approximately,
"organized", and that the usage or non-usage of certain control constructs was
suggested as a means to that end, not an end in itself.  One can often get a
good laugh by doing a global substitution of "organized" for "structured" in a
pronunciamento from either side — it tends to make both sides' arguments sound
ridiculous.  As it should:  it is silly to confuse organization with a list of
permitted constructs, and equally silly to criticize the desire for
well-organized code on the basis of such confusion.
                                      Henry Spencer at U of Toronto Zoology

Structured Programming

Lynn R Grant <Grant@DOCKMASTER.ARPA>
Wed, 18 Jan 89 12:43 EST
I have been a proponent of structured programming for many years, and I
have found that there is really only one rule:  think about the poor guy
who is going to have to maintain the program you are writing.  All the
other rules about indentation and goto-lessness simply follow from that.

The guy who ends up maintaining your program may be some rookie, or it
may be a busy programmer who doesn't have time to carefully scrutinize
your code, or it may be you six months down the road, after you've
forgotten what you had in mind when you wrote the program.

Whatever you can do to make it easier for this guy to understand your
program will cut down the chances for errors (and will keep him from
putting you on his bad-guy list after having to fight with your code).

    Lynn Grant
    Technical Consultant
    Computer Associates International, Inc.

re: Losing Systems

Wed, 18 Jan 89 10:12:51 -0500
In Risks 8.9, David Marks (djm408@tijc02.UUCP) lays much of the blame for
"losing systems" on the narrow attitude of management which they derived from
the educational system.

Briefly, his reasoning goes:
   1. Business types don't learn about computers and don't care about them
   2. Engineers don't learn about business and don't care about it
   3. There is therefore no common ground on which to meet.

Premise 2 is nearly completely true - the average software engineer couldn't
care less about the realities of business. But I have not found Premise 1 to be
true to anything like the same extent. No matter where I've worked, I am
constantly running into business folks who are trying to understand computers -
out of intellectual interest, "nift" factor, or the obvious fact that there is
a shortage of computer-literate business people and thus it is a good way to
advance a career (and the free market wins again...).

I think that there is an entirely different reason for the failure of the
projects cited three or four references ago: Usually a project like this is
specified not by the ultimate users of the service the computer will provide,
but rather by a supplier in the form of a consultant contracted to buy the
hardware and write the software. The consultant has no vested interest in the
resulting software working correctly - he only has a vested interest in the
project being big and expensive. The consultant wins once the contract is
signed - everything after that is less important.

If those who have the need have no control, and those who have control have no
need, then disaster will always strike. It doesn't even matter if they are
talking to each other.

Steven C. Den Beste,   BBN Communications Corp., Cambridge MA    harvard!!denbeste(UUCP)

Re: Ground proximity warning

Wed, 18 Jan 89 00:19:41 EST
>     "Note: the GPWS will not provide a warning if an airplane is flying
>     directly towards a vertical cliff."

It's worth noting that solutions to this have been proposed and rejected.  The
problem with the standard GPWS is that it basically looks down, not forward, so
it fails in the presence of abruptly-changing terrain.  (The vertical cliff is
only the extreme case; rapidly-rising terrain will give a warning, but often
too late for it to be useful.)  At least one company has proposed a more
sophisticated scheme in which the "warning surface", so to speak, is not a
point underneath the aircraft but a sort of ski-shaped surface extending a
considerable distance forward.  Nobody was interested, so the proposal was
                                     Henry Spencer at U of Toronto Zoology

WORM storage and archival records

RAMontante
Wed, 18 Jan 89 00:46:42 EST
Steve Phillipson proposes once-writable storage as a means to guarantee that
archival records have not been tampered with.  The idea is that the
information, once recorded, can't be changed.  The idea is fundamentally
flawed, however, for reasons involving the digital nature of most such media.

Typed or handwritten documents, photographs, audio tape recordings, all could
be trusted (once) because you could detect alterations in them, AND ALSO
because you could determine that the item you had was the original.  The
letters on a typewriter have "personalized" defects, for example.  More to the
point, tape recorders and cameras add their own high-frequency losses or image
blurs to the signals they record; and if you make a copy of the original tape
or photo, there is unavoidable degradation of the information and addition of
machine-related "noise" to brand the copy as such.  Analog video tape is
another example — broadcast quality tapes are unusable after a few generations
of copying.

Digital media don't suffer from this degradation, though.  I get a new program
for my PC at home, put a blank disk of the same brand in the machine, and type
"DISKCOPY".  Strip the label off, and you can't tell which disk is the
original.  By the same token, if I have my "archived" Shakespearean sonnets on
a WORM disk, I simply read an image of the disk into memory, edit a few lines
and write the new image onto a fresh WORM disk.  Presto — bogus Shakespeare on
a "tamper-proof" disk.

Re: 3 vs. 2 engined airplanes

Steve Jay <shj@ultra.UUCP>
Tue, 17 Jan 89 21:38:36 PST
In RISKS 8.9, Jordan Brown says

> I don't believe a 727 can fly on one engine.  It must have two.

> A three-engine airplane has a higher probability of having a failure in
> the first place, and when it does have a failure it then has two points
> of failure, EITHER of which will cause an accident.

I think he's wrong on both counts.  I have no specific knowledge in this
area, but I'm almost certain that a 727 CAN maintain level flight,
at least at some altitudes, on one engine.  Also, there was a highly publicized
incident a couple of years ago when a Lockheed TriStar flying out of
Florida almost crashed into the ocean because a mechanic had left
out oil seals after maintenance on all three engines.  As I remember it,
the pilot got back safely only because he was able to keep one
engine going.

Even if a 3 engine plane can't stay level on one engine, it will certainly
have a much lower rate of descent with one engine going than with
none, giving the pilot a lot longer to deal with the problem or find
a landing spot.

Even assuming that a 3 engined plane needs two engines to fly,
the odds of 2 engines failing on a 3 engined plane are much, much,
smaller than the odds of 1 engine failing on a 2 engined plane.

Steve Jay                       domain:
Ultra Network Technologies  Internet: ultra!
101 Daggett Drive               uucp: ...ames!ultra!shj
San Jose, CA 95134      408-922-0100

Re: Hackers break open US bank networks

Wed, 18 Jan 89 09:13 EST
    Australian authorities are working around the clock ...
    leaks of supposedly secure dial-up numbers for US defence sites,
    including anti-ballistic missile launch silos, ...

The U.S. hasn't had any anti-ballistic missiles for more than a decade.  I can
only assume that the rest of the article is as accurate, especially since I've
seen nothing about the "break-in" in the papers or news wires in this country.

Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit
(Affiliation given for identification purposes only)


Evidence

Wed, 18 Jan 89 12:15 EST
>   In recent issues of RISKS, various people have lamented the loss        
>of confidence we are experiencing in archival records kept by computer.    
>The problem seems to me less of a computer problem than a media problem,   
>specifically, choosing media that is appropriate for archival storage.     

Would God that it were that simple.  If freedom from modification were
the only requirement for the medium, then there might be a solution.
However, for an increasing number of applications light in glass or
electricity in copper are the medium of choice for other reasons.

We require controls for the integrity and confidentiality of data that
are independent of both media and environment, and which can move with
the data.

Fortunately for us they are here.  Digital signatures and envelopes can be
combined to mimic the
behavior of the media and environmental controls that we commonly use.
All that is required is a little bit of trusted storage in which to
store the private keys and a tiny trusted process in which to do the
code conversions.

Of course, I have just stated the requirement for both media and
environmental controls.  While they are still necessary, they are no
longer sufficient.

William Hugh Murray, Ernst & Whinney                       
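
Added example (not part of Murray's message or of the digest): a minimal Lamport one-time signature in Python, illustrating the media-independent integrity control discussed in the WORM storage message and in the reply above. A bit-identical copy on any medium verifies, while an edited image written to a fresh disk does not. Assumptions: Murray names no particular scheme, so Lamport's is chosen here because it needs only a hash function; the sonnet text is constructed sample data; the envelope (confidentiality) half is not shown.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Return (private, public): 256 pairs of random secrets and their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def digest_bits(image: bytes):
    """The 256 bits of SHA-256(image), most significant bit first."""
    d = int.from_bytes(H(image), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(priv, image: bytes):
    """Reveal one secret per digest bit. A key pair must sign only one image."""
    return [priv[i][bit] for i, bit in enumerate(digest_bits(image))]

def verify(pub, image: bytes, sig) -> bool:
    """Check every revealed secret against the published hash for that bit."""
    if len(sig) != 256:
        return False
    bits = digest_bits(image)
    return all(H(sig[i]) == pub[i][bit] for i, bit in enumerate(bits))

# Constructed sample "archive image" (not data from the digest).
ORIGINAL = (b"Shall I compare thee to a summer's day?\n"
            b"Thou art more lovely and more temperate:\n")

def demo():
    priv, pub = keygen()        # priv lives only in the small trusted storage
    sig = sign(priv, ORIGINAL)  # performed once, inside the trusted process
    copy = bytes(ORIGINAL)      # bit-identical copy on some other medium
    forged = ORIGINAL.replace(b"summer's", b"winter's")  # edited, rewritten image
    return verify(pub, copy, sig), verify(pub, forged, sig)

if __name__ == "__main__":
    print(demo())
```

The check depends only on the bytes, the signature and the published key, so it travels with the data; what still needs physical protection is the private key and the process that signs.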
