The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 9 Issue 89

Monday 7 May 1990

Contents

o A funny thing happened at the lottery office
Alan Hargreaves
o `Boy, 12, allegedly taps credit files'
Ira Greenberg
o Robert T. Morris' sentencing
PGN
o Hazards Of Office Laser Printers
Keith Dancey
o Re: Aircraft electronics problems PIREP
Steve Jay
Robert Dorsett
o Re: A320 criticisms reported
Robert Dorsett
o Phone system problems
Gail L Barlich
Steve Bellovin
Andras
o Phone Switch Resets
Avi Belinsky
o Other ways to get "Improving the Security of Your UNIX System"
Davy Curry
o So many weapons, so little radio spectrum
Chuq Von Rospach
o Und der Hyphisch
Andy Behrens
o Info on RISKS (comp.risks)

A funny thing happened at the lottery office

Alan Hargreaves <alan@nucs.cs.nu.oz.au>
3 May 90 10:30:06 GMT
I am not sure of the truth behind this article, but the possibilities scare me
a little. It is quoted from the Sydney Daily Telegraph, 3 May 1990.

When a man visited the Minnesota lottery office with a winning ticket worth
$1000, employees looked through his records and found he owed the state that
amount - and more.  So he was handed a cheque for $0.00 - and a tax form.

Alan Hargreaves, University of Newcastle, NSW 2308, Australia.


`Boy, 12, allegedly taps credit files'

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 2 May 1990 16:14:30 PDT
A 12-year old boy in Grosse Ile, Michigan, got into TRW's credit info system,
and BBoarded various credit card numbers -- which were subsequently widely
used.  His mother was stunned by his arrest, and ``said he spent four to five
hours each week night and up to 14 hours a day on weekends at his computer.
She said she was pleased her son stayed at home.''  [Source: Knight-Ridder News
Service item in San Jose Mercury News, around 25Apr90, clipping from Ira
Greenberg, undated]

If past experience is any indication, he probably found the TRW access
information on a BBoard in the first place.


Robert T. Morris' sentencing and its implications

"Peter G. Neumann" <neumann@csl.sri.com>
Sun, 6 May 1990 17:21:13 PDT
In case you were away from the media over the weekend, Federal District Judge
Howard G. Munson pronounced sentence last Friday, 4 May, on Robert T. Morris,
fining him $10,000, requiring 400 hours of community service, and placing him
on three-years' probation, plus some additional administrative expenses.
(Legal costs were undoubtably much greater than the fine, so the cost to Robert
is not insignificant.)

In the final analysis, the judge made a technically elaborate ruling that the
new Federal sentencing guidelines (which recommend a min-max jail-term range
based on a detailed point system) were NOT APPLICABLE in this case, in part
because the case did not really involve computer FRAUD, and in part because
there were no COMPARABLE cases on which to base the sentencing, as required
under the guidelines when there is any question as to their relevance.  In so
doing, the judge said he disagreed with both sides -- the prosecution, which
wanted to add more points primarily because of even greater consequential
(indirect) losses than had been explicitly identified during the trial, and the
defense, which sought to reduce the numbers on a variety of component points.
INTENT, which had been ruled largely irrelevant to the verdict, may actually
have been somewhat relevant in the sentencing.  [This is my own private
analysis, and may not be precise enough in the legalese department.]

I conclude that this case was actually not an appropriate test of either the
computer security laws or of the sentencing guidelines.  On the other hand, I
think that the Government will not be discouraged by the absence of a jail term
in this case, and can be expected to prosecute quite vigorously all acts of
more flagrant computer misuse (e.g., sabotage, intentional denials of service,
or theft of data or proprietary programs).  Although RTM's "experiment" was
certainly ill-conceived and flawed in its execution, his sentence is not
likely to encourage others to conduct similar experiments.

I commend to you the report by Davy Curry (see his messages in RISKS-9.88 and
again in this issue) on how to improve the security of your Unix systems (with
some implications for other computer systems as well).  It is high time people
with vulnerable systems did something more serious about protecting them, and
his report is a useful contribution, going well beyond the Internet Worm
articles of Eichin and Rochlis, Seeley, and Spafford in that it transcends the
particular flaws exercised by the Worm.  Remember, it may be YOUR privacy
rights that are being protected, which should make the increased security a
little more tolerable.  On the other hand, let me once again reinforce my hopes
that we can live in a less antagonistic, more open, and more ethical society in
which computer security is somewhat less critical!

PGN

P.S., PRIMARILY FOR RECIPIENTS OF MULTIPLE RISKS COPIES: Speaking of SENDMAIL
problems, for no apparent reason the last three previous RISKS issues have gone
out with NO DUPLICATE ISSUES attributable to our originating sendmail.  A few
recipient sites seem to have cleaned up their acts, almost all .arpa addresses
are gone, and a bunch of other problematic addresses have been relegated to a
potentially higher-risk sublist.  Because of the annual IEEE Oakland security
bash and other activities, RISKS issues will be sporadic at best this week, and
are likely to emerge at higher risk than the recent carefully-monitored issues
-- when you, me, and my wizards were able to watch the mailer in progress.
Perhaps on this issue the unwatched pot will boil over, but I am optimistic for
a change.  (The fascinating part was that the problem was hitting different
addresses in different sublists each time.)  [FOR THIS ISSUE ONLY, if you get
multiples, a few of you should send a message to root@csl.sri.com, although the
problem would not get taken care of until later today -- because it is too
early for wizards (only mad dogs and RISKS moderators).  On the other hand,
running sendmail in the wee hours seems to minimize the problem, because the
originating host and the network are livelier!  In any case, thanks for your
patience.]  By the way, I hope that there are no lawsuits against RISKS for
causing denials of service in overflowing your mailbox.  On the other hand, I
am surprised I haven't heard more complaints about my boring you with too many
messages about sendmail problems and telephone glitches (which seem to be dying
down).  But the risks are there...  PGN


Hazards Of Office Laser Printers

<kgd@informatics.rutherford.ac.uk>
Fri, 4 May 90 13:14:02 BST
Some fifteen months ago, in RISKS-8.21, I placed a request for information
on the possible health hazards of office Laser Printers.

I received a small flurry of replies, a significant proportion of which
were simply expressing similar concern.  Facts and figures were very thin
on the ground.

At the same time I attempted a literature search which illustrated just how
few studies on the subject had been made.

I wrote to Hewlett Packard seeking advice, but received no reply.

My own employers' Health & Safety personnel found "no risk".

The data I had received did not amount to much, but a report in
The Guardian newspaper (UK), published on April 26th 1990, has added
further information that warrants some interest...

>From my own efforts, I understood the possible hazards to be:

(a) mutagenic and/or carcinogenic compounds contained (and thereby released
into the atmosphere) in the toner;

(b) poisonous compounds on the drum; and

(c) toxic gasses generated by the high electrical discharges involved.


(A)  Jeffrey Mogul wrote that Digital supply printers, with Ricoh marking
engines, the replacement toner cartridge kits of which contain "Material
Safety Data Sheets".  These list under "hazardous ingredients" Ferrosoferric
oxide, Styrene Acryic resin, "dye" and carbon black.

The toxicity of the oxide is described as zero.  That of the resin as being
rendered biologically inert by the polymerisation process.  The "dye" is
not discussed.  Carbon black has been subject to toxicity and carcinogenic
exposure experiments.  One view is that while carbon black particulates
contain some molecules of carcinogenic materials, the carcinogens are
apparently held tightly and are not eluted by water, gastric juices or
blood plasma.

LOFROTH, HEFNER, ALFHEIM and MOLLER, 1980, "Mutagenic activity in photocopies",
Science, 209, 1037-1039.   Using a bacterial assay technique, extracts from
several different photocopies were shown to be mutagenic.  The evidence, they
suggest, is that compounds in the toners used are responsible for this
mutagenic activity.

SONNINO and PAVAN, 1984, "Possible hazards from laser printers".  In Ergonomics
and Health in Modern Offices, (GRANDJEAN (Ed)), Section A:  The ambient
environment in offices (Taylor & Francis, London), 82-85.  Tested five
laser printers for optical, radiation and chemical hazards.  No evidence
of any appreciable risk to operators was found.

Me:  ERGONOMICS has ventured to regard the toner and cleaning agents "of
possible greater concern" than the production of gasses.  But we shall see.

(B)  Not much on the drum compounds.  CLARIDGE, 1983 "Photocopiers: an
office hazard".  Environmental Health, 91(9), 246-247.  Describes the
possible hazards associated with the use of photocopiers, and presents
recommendations.  Among subjects considered is the photoconductor
(selenium).

(C)  Several people, including Brad Yearwood, pointed to the dangers
inherent in the production of ozone and oxygen radicals.  Brad mentioned
that the Canon LBP-8 engine uses a copper wool catalytic filter.

AKTIONSGRUPPEN ARBEJDERE AKADEMIKERE, 1981 "Photocopiers and health
hazards" c/o B Christensen, Arnesvej 44, 2700 Bronshoj, Denmark.  Besides
warning of the possible health hazards of chemicals used in toners (
carbon black with aromatic polycyclic hydrocarbons and nitropyrenes,
thermoplastic resins) and the evidence for mutagenic and carcinogenic
effects of these toners, also covers the effects of ozone, selenium
and organic solvents on health.

>From "The Guardian", April 26th, 1990:

A Science correspondent, Barry Fox, reported seeing a strange device
underneath a Laser Printer in a University in Denmark.  "Oh, that's an
ozone filter" was the explanation, "most laser printers in Denmark have
them".

Fox reported never having heard the suggestion that such a device was
required...

"Ozone is an unstable form of oxygen, O3, produced by high voltages and
electrical discharges...  So they (laser printers) generate ozone.  Despite
the tangy smell, best described as the smell of electricity, ozone is not
good for health:  just the opposite, in fact.

...Ozone soon breaks down into oxygen, but does so while attacking just
about anything except glass and some stainless steels.

...The Health and Safety Executive (UK body) recommends an exposure limit
of 0.1 parts ozone per million of air, averaged over an eight hour day, with
no 15 minute peak greater than 0.3ppm.  Even at 0.1ppm, premature ageing
may eventually result, and in the short term, 0.1ppm can cause eye, nose
and throat irritation.  At 0.5ppm nausea and headaches may occur.

Exposure for two hours at 1.5ppm typically results in coughs and excessive
sputum.  At 50ppm, a 30 minute exposure may be fatal.

 'Areas must be equipped with adequate ventilation and extraction
facilities' warns the HSE...

...Office equipment is usually fitted with filters, containing activated carbon
to break down ozone.  When factory fresh, these filters reduce ozone to well
below the HSE levels.  But filters are small and lose efficiency with time,
especially if clogged with dust (paper, toner etc), so clogging is faster
if ventilation is poor.  And ozone is more dangerous when ventilation is
poor.  Ozone can often be smelled while printing, especially near the outlet
of the machine's internal fan.

...When I (Barry Fox) started asking questions I was appalled at the lack
of interest among firms selling office equipment {mentions Hewlett-Packard
- see my experience of same, above, Apple and IBM}...

...Then I (Barry Fox) tracked down the firm which makes add-on filters...
Dansk Teknologi of Copenhagen started making its Minozon unit in the summer
of 1988 and sold 8000 in the first year.  (It) is a flat plate... containing
a large bed of activated carbon through which air from the printer
discharges...  (It) is around 50 times larger than (the inbuilt filters).

The Department of Environment Technology, at the Danish Institute of
Technology, tested the Minozon filter and found that it remained fully
effective even after continuously printing 10,000 A4 pages...  (They)
cost 300 to 400 pounds sterling in the UK.

At first sight it would seem cheaper and simpler ... to change the filters
built into (the) printers.  But, absurdly, built-in printer filters are often
not designed for do-it-yourself replacement.

After writing about the ozone problem in New Scientist I (Barry Fox) received
many enquiries...  IBM thought I had been 'wound up' by the firm selling the
add-on filters used in Denmark.  Apple remained dormant.  HP, however,
confirmed it had 'escalated the whole issue of ozone filters' and made
 'strong recommendations' that filter changing guidelines be incorporated in
user manuals.

...The short term advice is: if you smell ozone while printing, open the
windows."


Me: depends which way the wind is blowing :-) Since it is not possible to tell
when the in-built catalytic filter is exhausted, and identification of ozone's
characteristic smell is uncertain, *active* ventilation should be a requirement
before installation of laser printers is considered within habitually occupied
offices.

Any further comments, anyone?

Keith Dancey, Rutherford Appleton Laboratory, UK.


Re: Aircraft electronics problems PIREP (188 knots?) (RISKS-9.85)

Steve Jay <!shj@ultra.UUCP>
Sat, 28 Apr 90 00:51:11 GMT
>At 3,000 feet inbound on the Instrument Landing System localiser we were
>experiencing westerly winds of 188 knots

This just doesn't seem believable to me.  This is higher wind velocity than in
the strongest hurricanes.  Does anyone have any confirming information that
there really were winds like that?

Steve Jay, Ultra Network Technologies / 101 Dagget Drive / San Jose, CA 95134


Re: Aircraft electronics problems PIREP (188 knots?)

Robert Dorsett <rdd@walt.cc.utexas.edu>
Wed, 2 May 1990 19:26:58 CDT
When I read it, I assumed that it was another indication of a glitch in the
FMCS software.  Listening to Austin ATC, I've noticed a tendency for pilots
in glass cockpits to depend very heavily on the FMCS when giving such infor-
mation.  When the FMCS is down, they often reply "unable" to give the
requested information.  In real life, all they have to do to get to their
destination is track a VOR station inbound; that provides an automatic
wind correction.  Then it's just a case of guesstimating groundspeed and
cross-checking that with the (computerized) flight plan, to judge the arrival
time.  So there's not much incentive to keep basic nav skills, like
determining the wind vector, alive.

Now, as for whether it's POSSIBLE...  not likely, unless they were in a major
storm.  And if they were, why weren't upper-level wind speeds very high?  And
why would they have continued the approach?  At high altitudes, winds can
get up to that speed, with no major problems for aircraft flying through them,
(except in boundary regions), but near the surface, 188-knot winds would
likely result in monstrous wind shear (as a result of the mechanical
interaction of winds with the surface).  At 80 knots, there would be pretty
bad wind shear.  And even 80 knots is beyond the crosswind capability
of jet transport category aircraft.

Nah, it was a glitch.  Adds more drama to the primary story of the avionics
going haywire on the go-around, though.  I would LIKE to think that the crew
was mentioning this as an event in a continuing sequence of failure, and
didn't actually believe it had 188 knot winds... :-)


Re: A320 criticisms reported

Robert Dorsett <rdd@walt.cc.utexas.edu>
Wed, 2 May 90 19:53:06 -0500
>The author, who has experience of flying the A320, claims that the display
>of airspeed is less than compelling

It's noteworthy that the A320's airspeed display is a "tape" instrument, with
white letters set on a gray "tape," all mounted on a black background.  Current
airspeed is indicated by a single red "lubber line"; the speed tape scrolls
behind that line.  This is in contrast to the tape airspeed displays on the
747-400 and MD-11, which have a "window" in which the current airspeed is
displayed, in a much larger font.  The latter approach is more in keeping with
the results of real-life experience with analog tape (such as is used on the
C-141 and C-5A) and drum digital counters.  I don't know what Airbus was
thinking when it decided on a red lubber line: it's an intuitively bad design,
and has earned criticism from many pilots.

It's probable that the use of tape displays, as a category of indicators, is
predicated entirely on the economics and desirability of having CRT flight
displays.  Screen real estate is at a premium.  There is no demonstrable UI
advantage to using tape instruments; in fact, at least some research suggests
the contrary.  Tape instruments are prone to misreadings.

Robert Dorsett, Moderator, Aeronautics Mailing List


Phone system problems

Gail L Barlich <glb%beta@LANL.GOV>
Wed, 2 May 90 12:17:44 MDT
I began my undergraduate education at a church-related college in Texas.  To
handle long distance calls from dorm phones the phone company issued everyone
"student billing cards."  The phone company waved the deposit because of
the reputation (?) of the school.

Then I transferred and again decided to live in the dorm.  I contacted the
phone company and explained how I had a "student" card in Texas.  They had a
similar deal but required that a heftly deposit remain on account.  I
explained that I had a card in Texas with no deposit.  The woman suggested
that I write a letter about my previous account and include my card number
if possible.  A few weeks later I was issued a "student" card without a
deposit because the "the computer" showed that my Texas card was actually a
"normal" billing card and I had a good payment history.  They could
not issue a "normal" card for a dorm resident.

Each new school year I would call the phone company and confirm that my
card was still active.  Each year I had the same card number.

Well, my last year I got lazy.  I just began using it like usual and never
got a complaint from an operator.  I was making calls during the day
related to job hunting, so I expected horrible bills.  The months went by,
but no bills came.  I called the phone company in December.  Somehow I had
visions of the university holding my diploma if I had outstanding bills.
The phone person insisted that my account showed zero.  Then I talked to the
supervisor, and he also stated that my account was entirely paid with no phone
calls on record for my card or my dorm phone number.  I told him exactly where
I had been calling and the charges I expected.  One week later a programmer
called and congratulated me on beating the phone system.  Apparently my
"student" card had some kind of odd designator on the number that merged it
into the "normal" card database.  The phone company had actually terminated
the "student" card program many months before.  My number had survived but
with no connections into billing.  The employee informed me that my card had
been terminated in good standing.

So I got out into the real world and called to get a telephone hooked up.
I carefully gave them both "student" numbers.  They told me that no deposit
would be required because of my excellent payment history...


Phone system problems

<smb@ulysses.att.com>
Wed, 02 May 90 14:40:19 EDT
I don't know if these two stories shed any light on the problems,
but they're illustrative of system-level failures.

When I lived in Durham, NC, during the early 1970s, the local phone
system (GTE) did not have Automatic Number Identification (ANI) on
long-distance calls.  As a result, whenever you placed such a call
(and you could direct-dial), an operator would come online and ask
what number you were calling from.  The possibilities for error
and fraud are, of course, obvious, and it was always a subject
of much discussion what checking was done.  Did they at least have
information on your exchange?  Could they tell if the alleged calling
line was actually busy?  And most important, what happened to
misattributed calls?  One prevalent local rumor had it that such
calls, when challenged, were randomly assigned to other phone lines,
in proportion to the number of actual calls.  That theory always
seemed improbable, but...

One day, we receive a bill showing a call to %Fayetteville.  Now,
we knew that none of us had ever called Fayetteville, much less
%Fayetteville, so we went through the usual ritual of calling up
to complain.  The response this time was totally unexpected.  ``I'm
sorry, sir, but our records show that that charge has already been
investigated from a previous bill, and found to be justified.''
That was totally erroneous, and we could prove it -- we had all
of our phone bills going back for quite some time.  I told the
agent this; she relented, and took the charge off the bill.

We never did figure out where that call came from, what the % meant,
or why GTE tried to claim that it was a call we had previously
challenged.

The second incident happened several years later, in Chapel Hill,
after Southern Bell had (by order of the State Utilities Commission)
bought out the local university-owned phone system, but before they'd
had a chance to upgrade it to use a switch not seemingly hand-built
by Strowger himself.  They were running out of phone numbers on the
exchanges, and they didn't want to expand the old switch because
they were frantically trying to replace it with an ESS.  So new
customers, especially in the southern part of the service, were
assigned phone numbers on the university Centrex system, and hence
could abbreviate much of their dialing.  In particular, when I wanted
to call the port selector at the Comp Center, I'd dial 3-9911, instead
of 933-9911.  Now, I had one of the old mechanical, card-operated
autodialers that somehow the local phone company didn't know about.
This beast dialed quickly (for a pulse dialer), and sometimes the
switch couldn't keep up.  So, when the second digit arrived too
soon, it would reset, and give me dial tone again -- just in time
for the last three digits, 911...

The rest of the Chapel Hill phone system was on a par with the switch, but I'll
omit the details; they belong in Telecom Digest, or maybe the Museum of
Horrors.
                        --Steve Bellovin


more Phone Problems

<andras@sbcs.sunysb.edu>
Wed, 2 May 90 15:40:08 EDT
This is in relation to phone company billing practices, both ATT and Sprint.
First an observation about AT&T and "instant credit".

When one gets a bad international line, AT&T does not expect payment for the
call.  One can just call the operator, tell them what happened, and forget
about it.  Well, this is incorrect: one must call twice.  The first call is
right after the problem occurs.  The operators cheerfully agree to immediate
credit.  At the end of the month, lo and behold, the call is still billed.
This gives rise to a second call which finally settles the matter.

It happened to me, and others I asked (I'm a graduate student, with lots of
foreign nationals in the department.)  I've once seen a friend's bill with a
dozen or so failed overseas calls.  All one minute long, all one right after
another.  All called in to the operator as soon as they were made.

It's enough to make one suspect that it's deliberate; corporate customers
especially might not keep accurate track of all short overseas calls.


Now the Sprint story.

A few months ago (Jan 20), I had occasion to make an international call to
Europe (Romania).  Not being up-to-date on the latest prices (I asked the
operators, and apparently prices are no longer distributed; I guess you're
expected to call every time you want to check.)  I called the long-distance
carriers I knew about, found that Sprint had the lowest rates by a fair
margin, so I called them through their access number (my primary carrier is
AT&T).

When the bill arrived, it was about 50% higher than I expected.  I called
Sprint (Mar 2), and asked about their rates again, and they again quoted the
same numbers.  I then mentioned the bill.  The operator did some more
checking, then announced that yes, apparently they changed their rates at
the beginning of the year (Jan 1), and that billing was done based on the
new rates.  She was apologetic, and said she would call this to the company's
attention.

Apparently Sprint was still giving out the old rates, three months after new
rates were in effect!
                                              Andras


Phone Switch Resets (Webber, RISKS-9.88)

Avi Belinsky <abelinsk@sunee.waterloo.edu>
Thu, 3 May 90 01:14:28 EDT
    Some interesting but unimportant trivia about this case.  When I used
to work at Bell Northern Research (research arm of Northern Telecom) someone in
the know told me about this story.  Apparently it was known internally as the
gold ring problem.  A disgruntled employee would run his gold wedding ring
along the back of the Printed Circuit Boards and short the system, resetting
it.
    For a telephone switch provider, where down time called for in tenders
is one hour per 40 years, the damage to their reputation was enormous.
Apparently they lost millions tracking down this "bug" and even more in lost
sales from the bad reputation this flagship switch generated.  I believe they
tracked it down by matching operator logs with system resets.
    I heard that the operator was later found floating dead in the
Ottawa river :-)

Avi Belinsky                 Electrical Engineering, University of Waterloo


Other ways to get "Improving the Security of Your UNIX System"

<davy@itstd.sri.com>
Thu, 03 May 90 16:12:21 PDT
Due to the overwhelming demand (1000 FTP connections in 24 hours) for
my paper, "Improving the Security of Your UNIX System," I have made it
available via some other sources, listed below.

Thanks to the system administrators at these sites who've allowed me to
distribute the paper through their machines.

Dave Curry, SRI International

Last update: May 3, 1990

The SRI International white paper, "Improving the Security of Your UNIX
System," may be obtained via the following methods:

1. ANONYMOUS FTP
    The document is available via anonymous FTP from the following
    hosts:

    (West Coast)    Host: SPAM.ITSTD.SRI.COM
            Addr: 128.18.4.3
            File: pub/security-doc.tar.Z
    (West Coast)    Host: GATEKEEPER.DEC.COM
            Addr: 16.1.0.2
            File: pub/doc/sri-security-doc.tar.Z
    (East Coast)    Host: UUNET.UU.NET
            Addr: 192.48.96.2
            File: doc/security-doc.tar.Z
    (Midwest)   Host: TUT.CIS.OHIO-STATE.EDU
            Addr: 128.146.8.60
            File: pub/security/security-doc.tar.Z
    (MILNET)    Host: WSMR-SIMTEL20.ARMY.MIL
            Addr: 26.2.0.74
            File: pd2:<unix-c.info>security-doc.tar-z

    Transfer the file in "binary" mode from SPAM, TUT and UUNET, or
    "tenex" mode from SIMTEL-20.  After you get the file, execute
    the commands:

    % uncompress security-doc.tar.Z
    % tar xf security-doc
    % cd security-doc

    And now consult the README file.

2. UUCP
    UUNET subscribers can obtain the document via UUCP from UUNET using a
    command of the form

    uucp uunet!~/doc/security-doc.tar.Z destination-filename

    UUCP sites that are not UUNET subscribers will not be able to get it
    directly through them, but may be able to find another UUCP neighbor
    who has the file.

    You can obtain the file via "anonymous" UUCP from Ohio State University
    by placing the following line in your L.sys file:

    #
    # Direct Trailblazer
    #
    osu-cis Any ACU 19200 1-614-292-5112 in:--in:--in: Uanon
    #
    # Micom port selector, at 1200, 2400, or 9600 bps.
    # Replace ##'s below with 12, 24, or 96 (both speed and phone number).
    #
    osu-cis Any ACU ##00 1-614-292-31## "" \r\c Name? osu-cis nected \c GO \d\r\d\r\d\r in:--in:--in: Uanon

    and then issue the command

    uucp osu-cis!~/security/security-doc.tar.Z destination-filename

3. BITNET
    BITNET users may obtain the document via the European TRICKLE servers
    from the UNIX-SW archives.  To do this, use the TELL command as follows:

    TELL TRICKLE AT SOMEHOST /PDGET <UNIX-SW.INFO>SECURITY-DOC.TAR-Z

    where SOMEHOST is one of:

    DKTC11      Denmark
    TREARN      Turkey
    IMIPOLI     Italy
    BANUFS11    Belgium
    AWIWUW11    Austria
    DB0FUB11    Germany
    EB0UB011    Spain

    There are no TRICKLE hosts in the U.S.; the Europeans are graciously
    allowing U.S. BITNET users to access their machines.  Please be kind
    to them.  Sorry, but the LISTSERV machines at RPIECS and NDSUVM do
    not provide access to the UNIX-SW repository.

    The file will arrive in BITSEND, NETDATA format.  You should use the
    BITRCV command from RDRList to get the file.  (I have no idea what
    this means -- go find an IBM guru if you don't know either.)

    This will be a BINARY file.  You won't be able to do much of anything
    with it on an IBM system.  Instead, transfer it to a UNIX system,
    and then uncompress it and extract the tar file, and then format
    things.  See above under "FTP" for how to do this.

4. ELECTRONIC MAIL
    The document may also be obtained from the SUN-SPOTS archive server
    located on host TITAN.RICE.EDU.  In order to request the document,
    send a note with the word

    help

    to "archive-server@titan.rice.edu" (uunet!rice!archive-server).

    I don't, as of this writing, know what the path to the document
    will be, so you'll have to use the "index" command to hunt around
    for it.  It will probably live in the "sun-source" directory, so
    you may want to just send "index sun-source" instead of "help".

5. DECNET
    DECNET users can obtain the file by copying

        DECWRL::"/pub/doc/sri-security-doc.tar.Z"

    by using the COPY command, or whatever.


So many weapons, so little radio spectrum

The Bounty Hunter <chuq@Apple.COM>
5 May 90 02:34:32 GMT
>From the May, 1990 issue of Monitoring Times, Page 4:

Electronic Blizzard Brings Down U.S. Planes

The Scene is Libya, 1986. High in the sky, an armada of 33 high-tech U.S.
fighter planes begin their attack. But something is wrong. One plane, carrying
two crew members, crashes. Of the surviving 32 planes -- including five F-11's
-- seven are unable to get off even a single shot.  The probably reason: an
electronic blizard that, according to Pentagon officials, came not from the
Libyans but from high-powered U.S. military transmitters that filled the night
sky with electronic signals designed to jam Libya's anti-aircraft defenses,
hunt down targets, guide weapons and communicate.

According to Air Force Colonel Charles Quisenberry, during the Libran strike,
U.S. weapons "were interfering with each other." Numerous U.S.  weapons, some
of which were electronically guided, went astray during the attack, damaging
three foreign embassies and diplomatic residences, uncluding those of France
and Japan.

Further, says Quisenberry, some of this interference can "actually effect the
... aircraft's flight controls as well as its fuel controls," either putting a
plan into an uncontrolled turn or dive or turning off its fuel supply.

The Pentagon recently finished a classified seven-month investigation of the
prolem which led officials to order a more detailed three-year probe.
Preliminary studies of one war plan shows "thousands of [frequency] conflics"
among weapons. Says Quisenberry, "There are major, major problems out there..."


Und der Hyphisch (RISKS-9.83)

Andy Behrens <andyb@coat.com>
Thu, 3 May 90 15:13:13 EDT
If the Social Security office stores their database on a PC, and wants to hack
the program so it would allow hyphens, I'm sure they could find a PC Hacker to
do the job.  On the other hand, if they use a Mac and need someone to mess with
the program, wouldn't they have to hire a Mac Messer?

    [Ah, Mac(k) the Knife.  A few of you remarked on my earlier reference to
    "Und der Haifisch" (the opening words of the Three-Penny Opera, And the
    shark has pretty teeth, auf deutsch).  Thanks, Andy!  PGN]

Please report problems with the web pages to the maintainer

Top