The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 22

Wednesday 8 February 1989

Contents

o B-1B bomber avionics problems
Jon Jacky
o Risks of public terminal rooms
Roy Smith
o Using barcodes for road toll payments
Phillip Herring
o ATM error - in Europe
John O'Connor
o Computing as a Discipline
Peter J. Denning
o Cryptic status displays, and GIGO
Mark Brader
o Re: `User friendliness' and forgotten root passwords
Shannon Nelson
Ge' Weijers
smv
o Health Hazards of Office Laser Printers
Hal Murray
Jeffrey Mogul
o Re: Keycard badges vs. anti-shoplift systems
Craig Leres
o Info on RISKS (comp.risks)

B-1B bomber avionics problems

jon@june.cs.washington.edu <Jonathan Jacky, University of Washington>
Mon, 06 Feb 89 19:59:21 PST
Here are excerpts from AVIATION WEEK 130(1) Jan 2 1989 pps. 101, 103:

ROCKWELL WORKING WITH AIL TO DEVELOP B-1B AVIONICS FIX  (no author)

Rockwell has more than two dozen engineers at AIL [an Eaton subsidiary] to work
on the ALQ-161 which is designed to detect, indentify and jam enemy radars. ...
The problem occurs when an aircraft flies at low altitude over a powerful radar
system.  The system radar produces harmonics in the warning receiver that
result in a large number of spurious signals overloading the ALQ-161 processor,
which tries to analyze them as though they were actual threat emissions ...
The fix essentially calls for screening out the spurious signals before they
are digitized and allowed to enter the system processor ...  Engineering work
could be accomplished for about $15 million.  The modified system could be
evaluated in a flight test by next fall or winter.  The $3.5 billion Air Force
contract for development of the ALQ-161 was by far AIL's largest contract to
date.  The Air Force, meanwhile, has decided to study another approach to the
problem which involves installation of an autonomous radar warning receiver in
addition to the ALQ-161.


risks of public terminal rooms

Roy Smith <roy@phri.phri.nyu.edu>
Wed, 8 Feb 89 16:34:48 EST
Last week at USENIX, there was a public terminal room consisting of a bunch of
terminals on an ethernet terminal server, and a Sun-3/60 with a dial-up SLIP
line acting as an IP gateway to the rest of the world.  People were invited to
telnet to their home machines and read their mail (or whatever).  It occured to
me that if one was into such things, this would have been a golden opportunity
to set up an ethernet listener to capture hostname/username/password triples.
Given the high concentration of system administrators at USENIX, in the span of
5 days, one could have captured passwords for important accounts on most of the
major Unix machines in the country.


Using barcodes for road toll payments

Phillip Herring <ph@uowcsa.oz.au>
Tue, 7 Feb 89 16:10:44 EDT
(From "The Australian"'s Computer section, Feb 7th, p. 55:)

"Barcodes, now in common use for identifying anything from cornflakes
and library books to beer barrels, could also be the answer to
speeding up the flow of traffic over Sydney's harbour bridge.

"Stickers carrying the barcode for the particular week or month could
be sold at railway stations, lottery agencies or through the mail.

"These would be stuck to the side window of vehicles where they could
be read by long-distance scanners at existing bridge checkpoints.[...]

"[A company representative] said the use of such technology on the bridge
would enable vehicles to pass straight through if they were carrying
the right barcode markings.

"If there were no sticker or the code was out of date, the normal
default camera would be activated."

(From the second paragraph, it seems that everyone would get the
same barcode for a given period. At $1.50 (Aust.) per crossing, the
new (manual) monthly passes will be worth a lot of money. With the
Barcode system, anyone with a good printer and barcode-generating
software would be in a good position to clean up with fake barcodes.)

Rev. Dr. Phil Herring,                    University of Wollongong


ATM error - in Europe

John O'Connor EuroKom <JOCONNOR@vms.eurokom.ie>
Mon, 6 Feb 89 12:40 GMT
Recently when I was in Germany on holidays I used my Eurocheque card (once) to
withdraw money from an ATM there - the ATM gave me no script of the transaction
incidentally. It took about 3 weeks for the transaction to reach my account in
Ireland. Fine - I saw it come in on the statement and marked it off against my
records. Then 2 weeks later 2 more debits for the same amount came in. I
checked my records before approaching my bank query the transaction. I was told
that they would have to check back with the bank in Germany and examine its
hardcopy audit of transactions etc. etc. and it could take 3 months for the
amount to be refunded. The teller did however check with the international ATM
office for the bank to discover that in the central clearing house in Brussels
the German transaction tape had been mounted 3 times instead of once - causing
chaos. The first erroneous transaction was corrected a few days later but it
took more than a month to correct the second. My bank manager took a
sympathetic view of my case and refunded the sum immediately, pending a
correction from Brussels.

A few points in this case:

1. I find it unbelievable that this sort of error could happen in
a major financial banking centre - any other similar reports ?

2. My colleages said that they would not have spotted the error so
quickly (or at all) - too much trust in bank statements.

3. In the event of a dispute it was a case of my word against
theirs - I had no proof that I had NOT withdrawn the money.

John O'Connor, Systems Support, EuroKom, University College Dublin,  Dublin 4,
Ireland.


Computing as a Discipline

Peter J. Denning <pjd@riacs.edu>
Wed, 8 Feb 89 13:21:53 pst
A recent item in RISKS (Engineering vs. Programming, by Lynn R. Grant, in
RISKS-8.20) about distinctions between engineering and programming prompts me
to invite RISKSers to read the report, "Computing as a Discipline," by the ACM
Task Force on the Core of Computer Science.  It is published in the January
CACM and a condensed version on the February COMPUTER.  It discusses these
distinctions and more.  The authors are Peter Denning (chairman), Doug Comer,
David Gries, Michael Mulder, Allen Tucker, Joe Turner, and Paul Young.


cryptic status displays, and GIGO

Mark Brader <msb@sq.sq.com>
Tue, 7 Feb 89 18:57:01 EST
SoftQuad is one of the many companies that have decided lately that
getting a FAX machine was a good idea.  The one that we got supports
delayed-start transmission to take advantage of overnight phone rates.

Last night, one of our managers left the machine set to send a document
at 4:05 am to the 32nd phone number in the machine's memory, and went home.

And another employee came along, saw "D.XMT 0405#32" on the status display,
decided this must be an error code, and helpfully removed the document from
the feeder to try to clear the problem.

I asked the victim if it was okay to send this to Risks.  He replied:

  While you're at it you might comment on the highly confidential FAX I had
  to send some time ago.  So confidential in fact that the recipient had to
  go to remove the FAX from the machine the moment it arrived so that no
  one would see it.  Some time later, I got a puzzled call complaining that
  the FAX hadn't arrived.

  I'd been so careful about making sure it was sent correctly, I'd put it in
  the machine wrong side down ...

Mark Brader, SoftQuad Inc., Toronto                  utzoo!sq!msb, msb@sq.com


Re: `User friendliness' and forgotten root passwords (RISKS-8.21)

Shannon Nelson <shannon@intelisc.intel.com>
Tue, 7 Feb 89 00:19:11 pst
Don't be so shocked.  That's taken directly out of the manuals from AT&T.
My copy is the Prentice Hall publication _UNIX(r)_System_V/386_
_System_Administrator's_Guide_ for Systam V Release 3.0.  Procedure 1.5 is
indeed the procedure for "recovering" a forgotten root password.  Actually,
it's for replacing /etc/passwd with the original default file.  The fact
that you wipe out all of your account information is not mentioned.  Also,
the boot floppy that you are to use is meant for installing a new release,
and automatically starts the process once UNIX is running.  The procedure
doesn't mention how to get out of that program and get a shell prompt.
(Just hit the interrupt key at the first question)

Before attempting the procedure, I suggest making a copy of /etc/passwd.


Re: `User friendliness' and forgotten root passwords (RISKS-8.21)

Ge Weijers <ge@phoibos.cs.kun.nl>
7 Feb 89 09:36:34 GMT
There is no real protection against breaking into a system if you have physical
access to it, IF it does not have any features that make booting from a random
floppy impossible. Even without the boot disk it is quite easy to find the
password file with a sector editor. One could boot the T5100 and run MS-DOS
with the Norton Utilities or whatever to search for "root:" and change
the password field to empty (making a hole in the 'gcos' field).
Reboot Unix and type 'root'. No password check.

Who needs bootable Unix floppies?  Some AT-clones have a feature which prevents
bootstrapping from a floppy if switched on. A flag is stored in the clock chip.
This 'feature' can easily be defeated by disconnecting the backup battery.
(this is also true for BIOS-based password checks)

Systems containing sensitive data should not be physically accessible.

Ge' Weijers, KUN Nijmegen, the Netherlands
    UUCP: ge@cs.kun.nl -or- uunet.uu.net!kunivv1.uucp!phoibos!ge


Re: `User friendliness' tradeoffs can lead to total nonsecurity

<smv@apollo.com>
Tue, 7 Feb 89 18:31:32 EST
eric@snark.uu.net (Eric S. Raymond) writes in risks 8.21:
> And since
> these machines are portables it is unlikely they'll get much site protection.

I would expect a portable would be more closely attended than your average VAX.
Most VAXen aren't at serious risk of being stolen while you get a cup of coffee.
Also, most VAXen won't fit in an office safe, the Toshiba will.  For the truly
paranoid, there's always the large safe-deposit boxes at the bank, talk about
secure computing! Even gets you mandatory signature checking at login. :-)


Health Hazards of Office Laser Printers

Hal Murray <murray@src.dec.com>
Mon, 6 Feb 89 22:43:43 PST
I used to work for Xerox, so I may be biased. I'm interested in that
area, but not an expert.

You should be able to get that sort of info from the manfacturers. Your local
salesman may not be very helpful, but there is probably a corporate health or
safety officer that worries about that sort of thing. He will probably be happy
to send you copies of the reports that they have already filed with the
government to certify that they meet all the rules. Try writing to the
corporate headquarters.

I've seen the report sheet for the toner used in an LPS-40. It's not very
interesting. If you can't get anything like it, I can probably send you a
copy. I saw a similar one while I was at Xerox. It was equally dull.

Toner is almost inert. It's basically carbon black and ground up plastic.
They stuff lots of it into rats trying to see if it does anything nasty.

I think the laser is powerful enough to be a problem if you look directly
into it, but it is packaged inside a box ...

Yes, arsenic is an interesting chemical to use in a drum. I'm not sure what is
acutally used these days. Things like arsnic are not usually very toxic until
they get turned into a soluable compound. Copper and lead are toxic, but most
people don't really worry about handling wire, pipe, or solder.  (I've seen
"wash your hands before eating" stickers on solder. I wonder if they teach that
to plumbers?)

It's standard procedure to polish the drum, by hand, with a soft cloth, when
tuning/cleaning a copier/printer. Next time I see a repairman, I'll ask. I
don't remember that they were particularly careful with the cloth.

I did hear stories about early Xerox researchers working with selenium
drums getting a strange body odor, but I don't remember any health
complications that were part of the tale.

If I were looking for troubles, I'd try to find ozone. A dirty machine or
such may make enough to be interesting. I can't remember the name, but
there are thin high voltage wires used to charge the drum.  Coronatron?


Re: Health Hazards of Office Laser Printers

Jeffrey Mogul <mogul@decwrl.dec.com>
6 Feb 1989 1252-PST (Monday)
In RISKS 8.21, Keith Dancey asks about information on the hazards of office
laser printers.  I found a little information which might be useful.  Digital
(my employer) sells the LN03 printer, the guts of which are made by Ricoh.
Included in the replacement toner cartridge kit is a "Material Safety Data
Sheet"; I suspect that this information may be available from most other
manufacturers.

The document lists, under "Hazardous Ingredients", two components of the toner:
Ferrosoferric oxide 55%
Styrene acrylic resin   45%

The document goes into some detail on toxicity and first aid, but
the short summary would be that there are only "nuisance dust" problems.

The toxicity of each ingredient is also described:

   Ferrosoferric oxide occurs in nature as the mineral "magnetite".  No
   toxicity, other than that associated with nuisance dust is recognized.

   Styrene Acrylic resin: This copolymer of styrene and acrylic acid has not
   been associated with a toxic effect in the open scientific literature,
   although the toxic effects of both styren and acrylic acid are well
   established.  For practical purposes, the polymerization process apparently
   renders this substance biologically inert, only the nuisance dust properties
   associated with inhalation of large quantities of this material would be
   expected to be of biologic concern.

Nowhere in this document is carginogencity explicitly discussed, except to
state that neither ingredient is listed in any of the following: Registry of
Toxic effects of Chemical Substances (NIOSH), Occupational Safety and Health
Administration, NIOSH, International Agency for Research on Cancer (WHO).  I
assume that this means that none of these organizations currently consider
these ingredients toxic or carcinogenic, although that's purely an inference on
my part.

Apparently, there are no "unusual fire or explosion hazards", no
"hazardous decomposition products", and no "conditions to avoid".

"Other Precautions: Do not handle in areas where wind blows.
Avoid inhalation of dust."

        o   o   o

So far, so good, I thought.  Then, I checked the Material Safety Data Sheet for
Digital's LPS40 printer, also built on a Ricoh marking engine.  This toner
includes Styrene Acrylic Resin, but it also includes "dye" (nowhere else
discussed) and Carbon Black.  That rang a bell; sure enough, there is more
question about this than the other toner.

Under "Toxic effects of ingredients":

    Carbon Black

    Carbon black(s) have been tested for toxicity and carginogenicity in both
    animal exposure experiments and in epidemiologic investigations of exposed
    worker populations.  Results of these investigations have been uniformly
    negative.  Other than for the accumulation of carbon black in the pulmonary
    system, prolong exposure to carbon blacks produced no untoward effects.
    Benzene extractions of carbon blacks from some sources have elicited
    carcinogenic responses in animals, although the parent substance, itself,
    has been negative in this regard.  The International Agency for Research on
    Cancer (IARC) has evaluated the evidence for the carcinogenicity of carbon
    black as inadequate to determine a carcinogenic risk for humans.

This document also states that "A review by the IARC of related polymers of
[the two monomers used in styrene acrylic resin] was uniformally [sic]
negative."

For more information, I turned to "Dangerous Properties of Industrial Materials
(6th ed)", by N. Irving Sax.  About carbon black it says "Whiel it is true that
the tiny particulates of carbon black contain some molecules of carcinogenic
materials, the carcinogens are apparently held tightly and are not eluted by
hot or cold water, gastric juices or blood plasma."

It is my recollection that newspaper ink contains carbon black; that
might indicate the relative level of danger of carbon black in
toner (although toner is inhalable, unlike printers' ink).

I don't normally add disclaimers to my messages, but I'm not speaking
either as a representative of Digital or as an expert on this topic.


Re: Keycard badges vs. anti-shoplift systems

Craig Leres <leres@helios.ee.lbl.gov>
Tue, 07 Feb 89 00:44:49 PST
When I was in high school (about 10 years ago) they installed an inventory
control system in our library. This spiffy new hi-tech system caught the
immediate attention of a friend and me (who were sort of into lock hacking when
we were in grammar school).

Obviously, we had to find out how the system worked and that meant stealing one
of the widgets. Once accomplished, we disassembled it (it was made out of paper
and foil) and then spent a few days theorizing about how the system worked.
Luckly we had already studied electricity and magnetism in our physics class.

We were hard pressed to explain exactly how the widgets were detected by the
exit sensors, but knew it had something to do with EMF or RF. I "borrowed" a
small square of sheet metal from my metal shop class and, in a brave experiment,
we demonstrated that a steel shield could be used to neutralize the widgets.

What we never figured out was why anyone would want a system that was so easily
defeated.
                                          Craig

Please report problems with the web pages to the maintainer

Top