The RISKS Digest
Volume 8 Issue 28

Sunday, 19th February 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Continuing problems with WWMCCS command-and-control network
Jon Jacky
US missile-warning radar endangers friendly aircraft
Jon Jacky
Power failure problems
John Sinteur
The Risks of Going on Vacation
Jim Carson
Re: Faking Internet mail
Peter Scott
Multi-gigabuck value of information theft denied
Mark Brader
Re: multi-gigabuck information "theft"
David Chase
Re: Authenticity in digital media
Doug Krause
Digital doctoring of images
Richard Wiggins
PIN? Who needs a PIN?
Bill Mahoney
Info on RISKS (comp.risks)

Continuing problems with WWMCCS command-and-control network

Jon Jacky <jon@june.cs.washington.edu>
17 Feb 1989 09:25:29 EST
The following excerpts are from GOVERNMENT COMPUTER NEWS Feb. 6, 1989 p.1:

AF MAY LOSE WIS PROJECT - DCA LIKELY TO TAKE OVER GLOBAL SYSTEM by Brad Bass

Officials in the Office of the Secretary of Defense (OSD) planned to meet
late last week to consider transferring responsibility for procuring an
upgraded Worldwide Military Command and Control System (WWMCCS) from the
Air Force to the Defense Communications Agency. ...

Glenwood Stevener, director of DCA's Joint Data System Support Center, said
the Air Force's WWMCCS Information System (WIS) program was a victim of
a vicious circle of schedule slippage and budget cuts.  ``These things
feed on each other,'' he said.

WWMCCS began in the late 1970's as an effort to provide the president, the
Defense secretary, the Joint Chiefs of Staff and other military authorities
with information to help them make wartime decisions.

When a study later that decade showed the system was too slow and limited,
officials launched the WIS upgrade project.

The Air Force has suffered several setbacks since being selected in 1982
to manage WIS.  In July 1987, the WIS program office announced the system
would be delayed about a year due to funding cuts and system development
problems.

A year ago the General Accounting Office reported that program officials
had not adequately defined system requirements and security measures.
Subsequent funding problems delayed the project by another 12 months to
15 months.

Air Force officials who requested anonymity said OSD officials recently
set up a task force to propose alternative methods to upgrade WWMCCS in
light of WIS program difficulties. ...

DCA would take more of an ``evolutionary'' approach to the upgrade than
the Air Force did, Stevener said.  He said the Air Force has been attempting
to field a turnkey system to fulfill a broad range of WWMCCS requirements.
The DCA plan would focus on fielding a partial system at first and
incrementally adding capabilities to it, he said.

In addition, Stevener said DCA would probably change the name of the program
to differentiate it from WIS.

- Jonathan Jacky, University of Washington


US missile-warning radar endangers friendly aircraft

Jon Jacky <jon@june.cs.washington.edu>
Fri, 17 Feb 89 10:07:17 PST
These are excerpts from THE NEW YORK TIMES, Feb 12, 1989, p. 14:

A DEFENSE RADAR MUST TURN OFF AS PLANES LAND - AIR FORCE FEARS SYSTEM
COULD TRIGGER A BLAST  (no author given)

WASHINGTON, Feb. 11 (AP) - For 14 months operators of a huge radar 
installation in central Georgia that is part of the United States' defense 
warning system have had to turn off the system while military aircraft 
landed at a nearby base.

The interruptions are to avoid accidental detonations of tiny explosive 
charges found in virtually every military weapons system and in the planes 
and ships that deliver them.

The charges are used, among other things, to trigger weapons, drop bombs or
jettison fuel tanks.  They are normally fired by an electrical circuit,
but they can also be set off by high levels of electromagnetic energy from
such sources as radio waves, static electricity, lightning or radar.

As a result, the powerful radar center has to be turned off periodically so
planes can land safely at Robins Air Force Base, two miles to the north.

That precaution is not enough, local critics contend.  They fear a major 
accident at the air base and have sued to force safety improvements.

INTENDED TO SPOT MISSILES

The $90 million radar complex, one of four of its type in the United States,
would provide instant warning of a submarine-launched missile off the southeast
coast [ The story does not say so, but I believe this must be one
of the PAVE PAWS phased-array radar installations - JJ ].

The Air Force says the unit's time out of service caused by landing planes
totals about an hour a month.  The interruptions have not hindered the
early warning system, the Air Force says, because they are random and other
radars are available as backups.  Routine maintenance of the system turns the 
radar off for about 40 hours a month, an official said.

The 10-story, pyramid shaped installation consists of thousands of antennas
that can scan 240 degrees for 3,000 miles and can reportedly identify an 
object the size of a basketball 1,500 miles away.

CRITICS FEAR A DISASTER

(Robins Air Force Base) is Georgia's largest and is near the city of Warner-
Robins, which has a population of 40,000. ... Critics have filed a lawsuit
in Federal Court in Washington.  

Patricia Axelrod, coordinator of one of the groups that has joined in the 
suit ... argues that flight restrictions force pilots into ``a trapeze
act without a net'' because of the possibility of an error in the
communication required to turn off the radar. 

Senator Sam Nunn, the Georgia Democrat who is chairman of the Senate Armed
Services Committee, has also criticized the restrictions because of their
reliance ``on the potentially fallible human links'' required to turn the 
system off.

OPTIONS BEING CONSIDERED

The Air Force has already spent $600,000 for a study by the Raytheon
Corporation, which built the radar system.  The study recommended moving it,
at a cost of $37.7 million, or modifying it, at a cost of $27 million, so it
would turn off automatically if a plane breached the restricted zone.

Lieut. Gen. Donald J. Kutyna, who heads the Air Force Space Command that has
jurisdiction over the unit, said moving it is not reasonable but modification
remains under consideration.  A decision is to be made in June.

[I find several things interesting about this story, apart from the overall
irony of the situation.  First, it is another illustration of the tendency
noted by Paul Bracken and others for modern military C3I systems to become 
ever-more tightly-coupled and interdependent in ways unforeseen by their
designers.  Second, Nunn and others' assumption that some kind of automated 
system would necessarily be more reliable than the present arrangement.

- Jon Jacky, University of Washington ]


Power failure problems

<ADEGROOT@HROEUR5.BITNET>
Sun, 19 Feb 89 13:38 N
I ran into something curious when I visited my previous employer yesterday.
They moved to a brand new building recently, and took the opportunity to
increase access-security. They installed magnetic card readers on all doors
(including the computer-room doors), keeping physical access to the office
space and the computer room under control in a better way.

They thought.

A few days after the move, the power went down. The UPS cut in, and kept the
computer systems on juice. The operators have got 15 minutes to manually turn
off the computer systems (after software shutdown procedures of course) before
the batteries are out as well.  Unfortunately, the card readers were out,
making it very difficult indeed to enter the computer room...

No need to say that they modified the system a bit...

It's small things like this that are difficult to anticipate, but
are sooooo important...
                                        -John Sinteur

Whatever I say is not to be taken as a statement of the Dutch Army
(my current employer) or my previous employer who shall remain nameless here.


The Risks of Going on Vacation

Jim Carson <carson@rice.edu>
Sun, 19 Feb 89 12:06:31 CST
I was going to be out of town and wanted to use "vacation."  For 
those who aren't familiar with it, vacation is a program from
4.[23]BSD that sends a form letter back to anyone who sends you 
mail.  This is useful because you can let people know when you 
will return and give them other ways to contact you in an emergency.

Vacation has provisions so you don't send mail to MAILER-DAEMON, Postmaster, or
a *-Request@*, since these senders are usually automated and you could risk
getting into a mail-loop if you sent form-letters back.

Now consider what would happen if you subscribed to an automated discussion
group that sends mail without any of these lines in the header.  This was the
case with Sun-Spots, the Sun discussion group moderated by Bill LeFebvre at
Rice.  The header:

> From SUNSPOTS@icsa.rice.edu Sun Feb 19 09:42:43 1989
> Reply-To: SUN-SPOTS%RICE.EDU@icsa.rice.edu
> Sender: Sun Spots Discussion <SUNSPOTS%RICE@icsa.rice.edu>

The discussion group was set up so when Bill is done compiling an issue, he
sends it to a mail alias containing a list of everyone who subscribes to
Sun-Spots.  When I got a copy of the issue, vacation sent a reply.  However,
since the reply goes to everyone who subscribes to the group, including myself,
a reply to the reply was sent, and so on.

About forty messages were sent before I logged in this morning to check for any
last minute mail.  One of the other subscribers sent me mail because he thought
we had a mail virus.  [...]
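
[Added example, not part of the original message and not the BSD vacation source: a reply decision for an auto-responder, in Python, that goes beyond the sender-name test described above. The Precedence, List-Id and Auto-Submitted checks, the To/Cc check, the one-week interval and the example.* addresses are assumptions of this example.]

```python
import time
from email import message_from_string
from email.utils import getaddresses, parseaddr

AUTOMATED_LOCALPARTS = ("mailer-daemon", "postmaster")  # senders named in the post

class AutoResponder:
    """Decides whether an incoming message gets a vacation reply."""

    def __init__(self, my_addresses, interval=7 * 24 * 3600):
        self.me = {a.lower() for a in my_addresses}
        self.interval = interval   # assumed policy: one reply per address per week
        self.last_reply = {}       # reply address -> time of the last reply

    def decide(self, raw, now=None):
        """Return (reply address or None, reason)."""
        now = time.time() if now is None else now
        msg = message_from_string(raw)
        target = parseaddr(msg.get("Reply-To") or msg.get("From", ""))[1].lower()
        if not target:
            return None, "no reply address"
        local = target.rsplit("@", 1)[0]
        if local in AUTOMATED_LOCALPARTS or local.endswith("-request"):
            return None, "automated sender"
        if target in self.me:
            return None, "reply would come back to me"
        if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
            return None, "bulk precedence"
        if msg.get("List-Id") or msg.get("Auto-Submitted", "no").strip().lower() != "no":
            return None, "list or auto-generated"
        # A list issue is normally addressed to the list, not to the subscriber.
        recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if not any(addr.lower() in self.me for _, addr in recipients):
            return None, "not addressed to me"
        # Last line of defence: even an undetected list gets one reply, not forty.
        if now - self.last_reply.get(target, float("-inf")) < self.interval:
            return None, "already replied recently"
        self.last_reply[target] = now
        return target, "reply"

# Constructed messages; only the Reply-To line is taken from the post.
ME = "traveler@example.edu"
LIST_ISSUE = ("From: Sun Spots Discussion <SUNSPOTS%RICE@icsa.rice.edu>\n"
              "Reply-To: SUN-SPOTS%RICE.EDU@icsa.rice.edu\n"
              "To: sun-spots-readers@lists.example\nSubject: issue\n\ntext\n")
LIST_DIRECT = LIST_ISSUE.replace("sun-spots-readers@lists.example", ME)
PERSONAL = ("From: Colleague <colleague@example.org>\n"
            "To: " + ME + "\nSubject: lunch?\n\ntext\n")

if __name__ == "__main__":
    responder = AutoResponder([ME])
    for name, raw in [("list issue", LIST_ISSUE), ("list, addressed to me", LIST_DIRECT),
                      ("same again", LIST_DIRECT), ("personal", PERSONAL)]:
        print(name, responder.decide(raw, now=0.0))
```
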


Re: Faking Internet mail [Re: RISKS-8.27]

Peter Scott <PJS@grouch.JPL.NASA.GOV>
Fri, 17 Feb 89 10:07:19 PDT
It is incredibly easy to fake mail.  Read RFC 821, which although it is 50
pages long, details on page 4 everything you need to know. The server on the
first remote machine (that which comes after "@") expects to see commands of
the form:
    HELO    (optional)
    MAIL From: <reverse-path>
    RCPT To: <forward-path>
    DATA
    <mail message not containing a line that consists of '.' only>
    .
    QUIT    (optional)

There are other possible commands, but those are enough.  You can enter these
manually by TELNETting to the SMTP port on the remote machine (TELNET machine
25).  Of course, you can enter whatever you want after "From:".  I have sent
messages to friends purportedly from Grim.Reaper@Hells.Gate, but much more
latitude is possible.  The just released "With A Microscope and Tweezers"
report on the Internet worm (they called it a virus) includes an account of how
a message detailing several aspects of the operation of the worm was posted
"anonymously" to a newsgroup.

I don't see how you could authenticate the sender, except with a
public-key encryption system.  Fat chance of implementing that everywhere
on the Internet this century.  

Occasionally I see messages which contain a header of the form "Warning: From:
field does not match Sender".  How does that come about and who constructs the
Sender: field? 

>How about the
>other way around: how much danger is there that someone can spoof mail in
>order to receive messages destined for someone else?

The only way I know of doing this is if your machine is on the path for
the mail in the first place, in which case you can look at everything
that passes through anyway.

I use VMS and we don't have NEWS (yet), so maybe someone can tell me
whether the same thing is possible for USENET news articles? [...]

Peter Scott (pjs@grouch.jpl.nasa.gov - really)
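
[Added example, not part of the original message: a receiving-side consistency check in Python that parses the client command sequence listed above and compares the envelope reverse-path with the From: and Sender: headers. The warning texts, the function names and the example.* sessions are constructed for this example; the message does not say which software produces the warning it quotes.]

```python
import re
from email import message_from_string
from email.utils import parseaddr

PATH = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def parse_session(lines):
    """Split a client's SMTP lines into (envelope sender, recipients, message)."""
    sender, rcpts, body, in_data = None, [], [], False
    for line in lines:
        if in_data:
            if line == ".":          # a line consisting of "." only ends DATA
                in_data = False
            else:                    # RFC 821 transparency: drop the doubled dot
                body.append(line[1:] if line.startswith(".") else line)
            continue
        m = PATH.match(line)
        if m and m.group(1).upper() == "MAIL FROM":
            sender = m.group(2)
        elif m:
            rcpts.append(m.group(2))
        elif line.strip().upper() == "DATA":
            in_data = True
    return sender, rcpts, "\n".join(body)

def origin_warnings(lines):
    """Compare the envelope reverse-path with the From: and Sender: headers."""
    sender, _, text = parse_session(lines)
    msg = message_from_string(text)
    envelope = (sender or "").lower()
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    hdr_sender = parseaddr(msg.get("Sender", ""))[1].lower()
    warnings = []
    if hdr_from and hdr_from != envelope:
        warnings.append("From: header does not match envelope sender")
    if hdr_sender and hdr_sender != hdr_from:
        warnings.append("From: header does not match Sender:")
    return warnings

# Constructed sessions (client lines only, example domains).
CONSISTENT = ["HELO host.a.example", "MAIL From: <alice@a.example>",
              "RCPT To: <bob@b.example>", "DATA",
              "From: Alice <alice@a.example>", "Subject: notes", "",
              "..a line that began with a dot", ".", "QUIT"]
MISMATCH = ["HELO host.a.example", "MAIL From: <alice@a.example>",
            "RCPT To: <bob@b.example>", "DATA",
            "From: Someone Else <someone@b.example>",
            "Sender: alice@a.example", "Subject: notes", "", "text", ".", "QUIT"]

if __name__ == "__main__":
    print(origin_warnings(CONSISTENT))
    print(origin_warnings(MISMATCH))
```

All three values are supplied by the connecting client, so agreement between them authenticates nothing; a mismatch is only a hint worth showing to the reader.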


Multi-gigabuck value of information theft denied

Mark Brader <msb@sq.sq.com>
Fri, 17 Feb 89 12:07:19 EST
A few days ago I summarized for RISKS an article that had appeared in
the Toronto Star on February 8 about a case of "theft" of information. [...]

Two days later, however, significantly different facts were reported.
(This submission to Risks was delayed because I intended to email to
Mike Tilson to ask if he wanted to write something himself.)

Information here is from the (Toronto) Globe & Mail.  The article is
headlined "Computer information theft detected by security system,
company says".  And it begins as follows:

#  The theft of information from a company's computer program [sic]
#  was detected by the firm's own computer security system.
#
#  Mike Tillson [sic], president of HCR Corp., which specializes in
#  developing computer software, said yesterday an unusual pattern
#  of computer access was noticed on the company's system last week.

The article continues by saying that police reports valuing the "program" at $4
billion (Canadian) were called grossly exaggerated by Tilson:  "It's more in
the tens of thousands of dollars range".  He also said that the illegal access
had been only a week before; there was no 2-month investigation.  And asked
about resale of the information, he said:  "It's not clear how one would
profit from it.  There are any number of purposes one could imagine to idle
curiosity.  There is a possibility of no criminal intent."

The information not being HCR customer data, and Tilson declining to identify
it, the article goes on to mention UNIX, to mumble about AT&T intellectual
property, and to note that AT&T is not in the investigation "at this stage".

Mark Brader             "Every new technology carries with it
SoftQuad Inc., Toronto           an opportunity to invent a new crime"
utzoo!sq!msb, msb@sq.com                — Laurence A. Urgenson


Re: multi-gigabuck information "theft"

David Chase <chase@orc.olivetti.com>
Thu, 16 Feb 89 12:11:44 -0800
In RISKS 8.26, Jeff Makey says:

> The "computer files" are nothing more than the source
> code for AT&T's UNIX operating system ... few thousand dollars --
> a far cry from $4 billion.  I suspect that AT&T's lawyers are at
> the root of this sensationalism.

I think in this case the lawyers are doing their job, and it might not be
sensationalism.  I believe (word of mouth from UNIX-related legal mess that
some friends were in long ago) that the UNIX operating system is protected by
trade secret law, and (according to my copy of _Legal Care for Your Software_)
a corollary of this is that you must diligently maintain the "secret"
(licensed, confidential) status of that software, or all your legal protection
is gone.  If the lawyers don't behave like rabid piranhas, then perhaps they
aren't being diligent, and if they aren't diligent and lose trade secret
protection, then the loss to AT&T could well total billions.

And, of course, since we're talking about product protection, "UNIX" is a
trademark of AT&T.

David Chase


Re: Authenticity in digital media [RISKS-8.26]

Doug Krause <dkrause@ORION.CF.UCI.EDU>
17 Feb 89 11:39:37 GMT
"ALBTSB::SCHILLING1" <schilling1%albtsb.decnet@aldncf.alcoa.com> writes:
>
>Seeing hasn't been believing for a long time.  Remember Fred Astaire dancing on
>the ceiling in the movie "Singing in the Rain"?

Gene Kelly was in "Singing in the Rain".  Fred Astaire's ceiling dance
was in "Royal Wedding".

Douglas Krause, University of California, Irvine   

                        [Also noted by cmb@robots.oxford.ac.uk (Chris Brown).]


Digital doctoring of images (re Steve Philipson, RISKS-8.25)

<Richard_Wiggins@um.cc.umich.edu>
Thu, 16 Feb 89 09:33:00 EST
Steve Philipson points out the risks of new technologies to digitally alter
video images and audio recordings.  An article in The Whole Earth Review about
three years ago discussed the digital doctoring of photographic (still) images;
that technology is quite mature already.  The article pointed out that the
major news publishers such as Time own digital processing devices that put the
best airbrush artist to shame.  It is quite easy to merge unrelated images,
superimposing a person in a scene he never visited, and to cover all the seams.
It is also easy to remove unwanted objects and blend in the background to cover.

The claim in this article was that photographic images were no longer
worthwhile as evidence of anything.  I suspect that is a bit strong; the
testimony of a photographer that her record is honest would probably hold
water.  (After all, the notes of a police officer can be altered, but are
admissible when read as part of testimony.)  Also, few currently have direct
access to this technology.

But the risks are real.


PIN? Who needs a PIN? (Alan Wexelblat, RISKS-8.26)

<bill%zycor%ugn%hdr%mcmi%uunet@ames.UUCP>
Sat, 18 Feb 89 01:10:44 -0500
Like most ATMs, the Diebolds (there are several models) are programmable from
the host computer. This can include modes where the PIN is read and encrypted
(DES) before sending, or where the PIN is read and sent in the clear, or where
the PIN is not even read. It would seem a little strange to run the ATM in the
last mode, but I have seen a system in the UK where the PIN is transmitted over
a bisync line with no encryption whatsoever. In any case, the menus, the "fast
$xx" amount, the order of operations when processing a user transaction, etc.
are all remotely programmable. It could be that the ATM you were at had been
incorrectly programmed, but generally there is one file in the host that
contains the ATM information, and this is just sent down over the wire to all
of them.  Your name was probably encoded on track 1 or 3 of the card.

                    [That does open up some significant vulnerabilities.  PGN]

On a related note, I noticed quite a risk using credit cards.  We are currently
implementing a credit card (CC) authorization system for retail stores, and the
handy way to test it seemed to be to run my own card through the magnetic
reader. Now, a CC has a "track two" where the account information is encoded.
After the account information, there is a special character that serves as a
field sep, and then "issuing bank discretionary data" follows. In this field
the first four are usually the expiration date on the card.  In the case of
Commercial Federal here in Omaha, my checking account is there, AND it is the
issuing bank for my CC.  Imagine my surprise when testing the card reader with
my CC. The CC account is there, so is the expiration date, followed immediately
by MY CHECKING ACCOUNT NUMBER at Commercial Federal! So apparently my bank
account number is going over the wire every time I buy something with my Visa...

Bill Mahoney
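
[Added example, not part of the original message and not the authorization system it mentions: a Python parser for track two as laid out above, with a log-safe rendering that withholds the issuer data and a check for a second account number carried in that data. The ';', '=' and '?' characters are the ASCII rendering used by ISO/IEC 7813; the function names, the card number and the ten-digit account number are constructed for this example.]

```python
import re

# ';' start sentinel, '=' field separator, '?' end sentinel.
TRACK2 = re.compile(r"^;(?P<pan>\d{1,19})=(?P<rest>\d*)\?")

def parse_track2(raw):
    """Split track two into account number, expiration date and issuer data."""
    m = TRACK2.match(raw)
    if m is None:
        raise ValueError("not a track two record")
    rest = m.group("rest")
    # As the post describes it: the first four digits after the separator are
    # the expiration date, the remainder is treated as the issuer's data.
    # (On current cards a three-digit service code follows the date; it ends
    # up in issuer_data here.)
    return {"pan": m.group("pan"), "expiry": rest[:4], "issuer_data": rest[4:]}

def redact_for_log(raw):
    """Render a swipe for a log file without the issuer data or the full number."""
    card = parse_track2(raw)
    pan = card["pan"]
    masked = "*" * max(len(pan) - 4, 0) + pan[-4:]
    withheld = len(card["issuer_data"])
    return f"pan={masked} expiry={card['expiry']} issuer_data=<{withheld} digits withheld>"

def embeds_account(raw, other_account):
    """True if the digits of another account number appear in the issuer data."""
    digits = re.sub(r"\D", "", other_account)
    return bool(digits) and digits in parse_track2(raw)["issuer_data"]

# Constructed swipe: test card number, expiry 9012, then a made-up account number.
SAMPLE = ";4111111111111111=9012" + "0123456789" + "?"

if __name__ == "__main__":
    print(redact_for_log(SAMPLE))
    print(embeds_account(SAMPLE, "01234-56789"))
```
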
