Subject: RISKS DIGEST 19.70

RISKS-LIST: Risks-Forum Digest  Tuesday 28 April 1998  Volume 19 : Issue 70

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://catless.ncl.ac.uk/Risks/19.70.html

Contents:
A new kind of "sin attack"? (Keith Bostic)
Pentagon break-ins and the release of classified information (Fred Cohen)
Yes, Virginia, no classified information is ever leaked... (Identity withheld)
Bill Gates' demo of Windows 98 (PGN)
Software clandestinely uploading names and e-mail addresses (Valentin Pepelea)
The problems of no human verification (Iain "Kaos" Holmes)
Re: For want of a hyphen, you get porn (Identity withheld)
Shoulder-Surfing Automated (Mark Brader)
Re: Worried about Y2K? Now there's D10K! (Gregory Bond)
"Experimenting" with the net's generosity and gullibility (George Swan)
Re: 1/3 of Microsoft apps Y2K compliant (Li Gong)
REVIEW: "Beyond Calculation", Peter J. Denning/Robert M. Metcalf (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 23 Apr 1998 12:34:22 -0400 (EDT)
From: Keith Bostic
Subject: A new kind of "sin attack"?

Excerpted: WhiteBoard News for Wednesday, April 22, 1998
Forwarded-by: Joseph Harper
  [Edited for RISKS.  PGN]

Polish Catholics can now plot graphs of their sins with a new computer program designed to help them confess. It is based on the prayer book and poses 104 searching questions to help users track their fight against sin and archive the results. [See the Gazeta Wyborcza daily, 22 Apr 1998, with the headline: "I sincerely repent. Enter."] Sins are listed under Biblical commandments and according to their gravity, with a questionnaire asking whether they have been committed or not.
[The creator of this program is author Andrzej Urbanski.]

Sinners need not fear their darkest secrets getting out, as files with intimate data are protected by password.

  [Sin-sation-seeking media folks will certainly try to crack the passwords or otherwise bypass the security controls. Also, I suppose Special Prosecutor Starr will subpoena entries in the database for "Lewinski" along with any Poles in the left-half plane. (Please excuse my adaptation of an old circuit-theory complex-analysis pun. I guess it won't make much sense to novices (!), but then fixed passwords don't make much sense either if they fly around unencrypted.) PGN]

------------------------------

Date: Wed, 22 Apr 1998 18:03:12 -0700 (PDT)
From: Fred Cohen
Subject: Pentagon break-ins and the release of classified information

I saw on the news today that more "worst ever" computer break-ins were detected by the Pentagon today, and again we saw the claim that no classified information was released. I thought it would be worthwhile to comment on this issue:

1) Specifics of any break-in to a classified system are classified, so it is unlikely that anyone would openly admit to any details of such a thing except in a classified forum. The fact of break-ins is not in itself classified (according to the classification people I have talked to) but many organizations view this as rather sensitive.

2) Even if no classified information were ever leaked, most of the aggregate national harm that could result from information in unclassified systems far outweighs the total amount of classified information -- the last time I looked, by at least a hundred to one.

3) I saw a recent story in the news on the success of NSA red-teams against the national power grid, government systems, and command and control capabilities of DoD systems (as reported via the President's Commission on Critical Infrastructure Protection in something the news cited as "Eligible Receiver").
It is noteworthy that this likely involved no classified systems, and yet the claim by the media is that this demonstrated the ability to take down the whole country.

In my mind, these and other seemingly bizarre examples lead me to question the whole way that we think about confidentiality (and certainly classification). In one risk-management talk I give, I present a range of strategies, one of them being "run faster". It seems that in almost every commercial audience I talk to, the "run faster" strategy is embraced as far superior to all of the other protection options at their disposal. Perhaps it's time that the government learned to run faster as well.

Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:510-454-0171

  [Of course, a "run faster" is someone who fasts and runs to lose weight. A diet restricted to systems with better security would help. PGN]

------------------------------

Date: Wed, 22 Apr 1998
From: Identity withheld
Subject: Yes, Virginia, no classified information is ever leaked...

  [Serendipitously, the following came my way. PGN]

United States Government, Department of Energy [memorandum]
DATE: April 10, 1998
SUBJECT: E-Mail Concerns
To: [...]

Attached for your information and use is a statement from [...] expressing concern relative to recent occurrences involving transmission of classified information via unsecured e-mail systems. As requested by [...], please provide the widest possible dissemination of this information so that all personnel using e-mail systems are aware of this issue.

Personnel should be aware of and cautioned on the ease with which information can be compromised through the use of e-mail; the extensive damage which can result; and the significant impact placed on resources to resolve such incidents.
In addition, all personnel should be reminded of their continuing individual responsibility to always protect classified or sensitive information in any form from potential or actual compromise, including through the use of e-mail systems.

If you have any questions or need additional information regarding this correspondence, please contact [...]

Attachment

United States Government, Department of Energy [memorandum]
DATE: FEB 24 1998
SUBJECT: E-Mail Concerns
[...]

Recently, it has come to my attention that there has been an increase in the number of instances where classified information is being transmitted through the use of our e-mail systems. This situation is unacceptable; action must be taken to heighten awareness regarding the potential for loss or compromise of classified information.

In most cases, our e-mail correspondence enjoys no protection from electronic "snooping." The messages are being transmitted, in clear text, across the Internet. In some cases, the original e-mail message has contained classified information. In others, as individuals modified a draft document, the aggregate of information caused the entire document to be classified.

It is each supervisor's responsibility to ensure that his/her personnel use good judgment prior to sending information electronically. It is DOE policy, and policy at all [...] sites, that information be reviewed for classification prior to dissemination. This is not happening when individuals are sending e-mail messages. Individuals must take the time to ensure that information being sent by e-mail is ONLY of an unclassified nature. If necessary, messages must be checked by an Authorized Derivative Classifier prior to being sent.

In addition, it has been noted that the Infraction Program has been inconsistently applied. Appropriate disciplinary action must be taken for all instances of this type.

Please provide this memorandum the widest possible dissemination, to ensure that all personnel are aware of this issue.
Any questions may be addressed to the [...] Information Systems Security Operations Manager, [...].

  [An internal Daily News web site contained the following message, Tuesday, April 21, 1998:]

On the home front: Yesterday someone e-mailed classified info to a [YYY] colleague. Says computer security manager [BBB], "Unless we can rely on [ZZZ]'s good judgment, we'll be forced to funnel all e-mail messages through a 'text filter' that looks for key words and phrases and kicks out suspect messages for review by classifiers. Even the most sophisticated filters will slow our e-mail correspondence, internal and external, to snail-mail pace. PLEASE don't assume that, because some fact is intuitively obvious to you, it's non-sensitive or unclassified!"

------------------------------

Date: Thu, 23 Apr 98 16:59:39 PDT
From: "Peter G. Neumann"
Subject: Bill Gates' demo of Windows 98

Bill Gates was giving a demo of Windows 98 (scheduled to be released in June) at the Comdex trade show in Chicago earlier this week. The system crashed when a scanner was plugged in during the demo. He had to switch to another system. There have been frequent comments about how Bill Gates won't worry about something until it bites him personally (where typical values of "something" are reliability, availability, system survivability, and SECURITY).

------------------------------

Date: Fri, 24 Apr 1998 07:48:03 GMT
From: valentin@netcom.com (Valentin Pepelea)
Subject: Software clandestinely uploading names and e-mail addresses

TWO ITEMS:

1. NEWS.COM reports [23 Apr 1998] that Blizzard Entertainment, developer of the popular online-playable Starcraft game, has been uploading the names and e-mail addresses of its users without their knowledge or consent. According to Blizzard, those names were uploaded only when the users failed to successfully connect to their game servers, so that Blizzard employees may call them back to help them out.
The company has come under fire from privacy advocates, and users have complained on Blizzard's technical support forums. Blizzard spokeswoman Susan Wooley said today that the company would not collect names without consent again.

2. Virgin Entertainment Inc. has published an on-line game called Subspace. The game underwent a 2-year beta cycle, during which thousands of people played the game for free. Virgin finally started selling the game commercially in December 1998. In a recent update of the game (required and downloadable), the CD-ROM disk must be present in the CD-ROM drive for the game to work. Some inventive users have hacked the game to avoid the CD-ROM check. This subject was discussed on VIE's technical help bulletin board, and the reaction of Rob Keir, an employee of VIE and developer of the game, was frightening:

"I added code to 1.34 to defeat this kind of crack (essentially it patches the DLL import table at runtime) and now, unsurprisingly, I see they have brought out an almost identical crack for 1.34 (which again works). However, we now detect this crack but have not implemented kicking people out for using it. Instead, we are gathering a nice list of people who are abusing our game by using this crack! Simply by playing the game when using this crack you are now on our blacklist! It will be up to our bosses to decide what to do from hereon. Don't blame me for the consequences."

As far as I know, this is the first time that a company collects information clandestinely from users sent through the Internet with the explicit intention of hurting those users. About half of the users of this game are under 18. Players are located throughout the world, so it is possible that VIE's action is illegal in at least one country.

As a software developer, I'm not sure which risks I fear most, pirates copying my software, or other developers writing software that uploads information from my machine without my consent and knowledge.
"Where do you want your information to go, today?"

Valentin

------------------------------

Date: Sat, 25 Apr 1998 04:23:06 +1100 (EST)
From: Iain "Kaos" Holmes
Subject: The problems of no human verification

I was talking with some friends over IRC and there was an item on the TV news about the CIA kids web site, so I decided to look up the URL for them. I went to yahoo ( http://www.yahoo.com ) to check where it might be, so after a few clicks I find myself at http://www.yahoo.com/Government/Intelligence/Countries/ ; at this point I notice my home country Australia has a link, and make a mental note to come back & check it out.

I return to see what is under Australia and find what claims to be a link to ASIO (Australian Intelligence Security Organisation), but the link actually points to http://armidale.nsw.uca.org.au/asio/ which turns out to be a non-existent page on the server for a diocese of a church, nothing to do with any government intelligence organisation.

This raises a few questions in my mind;
 i) Can the search engines trust the data given to them by anonymous people?
 ii) Should a webserver give you an error when you have specified something that doesn't exist or should it try and second guess what you meant?
 iii) If the answer to ii) is the latter, how do you test it?

It seems to me that someone has checked that the web spider/robot/whatever has done something sensible, but not checked that the end result is valid, a danger for those of us involved with automated testing.

Iain "Kaos" Holmes, Control (Australia) Pty Ltd  kaos@ctrl.com.au  http://www.ctrl.com.au/

------------------------------

Date: Mon, 16 Mar 1998 13:59:28 -0500
From: Identity withheld
Subject: Re: For want of a hyphen, you get porn (Willing, RISKS-19.63)

This sort of thing sounds similar to something I discovered during a recent incident in which my 11-year-old son attempted to access adult web sites.
As would be expected from someone his age, he gave a litany of excuses trying to convince me he had gotten into the site by accident or due to viruses/hackers/etc. However, one of them turned out to be true. BTW, this was using Netscape 3.0 16-bit with a PPP dialup.

When I visited one of the adult sites in question, I was suddenly taken to a different site in a fashion similar to what one sees when a site has been moved and the old site has a "server push" pointing to the new one. However, both sites were added to the stack (the browser's internal list of sites), and the first site turned out to include pointers to several other adult sites and would automatically redirect the user to a different one each time. The net effect of this is that when visiting one of these sites in this manner, pressing the "Back" button takes you to another adult site, ad infinitum.

The user can, of course, still get out by selecting "Go" from the menu bar and backing out two or more levels, or using a bookmark or entering the name of a site manually, but to a user who is in the habit of using the "Back" button to leave a website this behavior is disconcerting, and is suspect when it occurs in an adult site.

------------------------------

Date: Wed, 22 Apr 98 00:08:21 EDT
From: msb@sq.com (Mark Brader)
Subject: Shoulder-Surfing Automated

According to TV news reports tonight (CTV National News and CFTO News), criminals secretly installed a miniature camera in a gas station in the Toronto suburb of Newmarket. As customers were using debit cards to make payments directly from their bank accounts, their fingers would be videotaped to obtain their secret personal identification numbers (PINs). The gas station clerk, who was in on the scam, would provide data from the card reader, and you can guess the rest. A dummy card with a copy of the machine-readable data; a midnight trip to an ATM; the PIN from the videotape, and cash in hand.
The withdrawals were made at midnight so that the maximum daily amount could be obtained twice on one visit.

Three suspects, all from the Toronto area, have been charged; nothing was said about how they were identified. Police refer to "hundreds of thousands of dollars" being taken, and say that the criminals were planning to expand soon to another 5 gas stations.

Mark Brader, msb@sq.com

------------------------------

Date: 06 Apr 1998 16:35:20 +1000
From: Gregory Bond
Subject: Re: Worried about Y2K? Now there's D10K!

Similar problems have already occurred in the Australian stock market:

 - The number of shares on issue for a company exceeded 2^31
 - The number of trades in a day exceeded 60,000 [which did nasty damage to the live trading system]
 - The market value of a company exceeded $10b
 - An index reached 10k points

All of these caused minor problems and plenty of red faces without in any sense being Armageddon. The most serious was the 60k trades in a day problem that occurred late last year with the IPO of the local telecoms monopoly. [This exceeded by a factor of nearly 3 the previous peak number of trades in a day.] This caused some market summary information to be lost but trading was still possible.

But on the other hand, we don't (yet) have live electronic trading and on-line automated risk management trading strategies that will decide the DOW has just fallen from 9990 to 0010 so it's time to SELL!

Gregory Bond, ITG Australia Ltd, Melbourne, Australia

------------------------------

Date: Sun, 26 Apr 1998 05:33:27 -0400 (EDT)
From: George Swan
Subject: "Experimenting" with the net's generosity and gullibility

I subscribe to the newsgroup alt.support.thyroid. Earlier this week (21 Apr 1998) an off-topic post appeared.
A guy named David Dameron posted what would have been a heart-rending story of how his baby daughter was suffering from a rare, fatal, real-sounding liver disease, and how he and his wife were turning to the internet to raise the $100,000 they would need for her life-saving liver transplant. I checked, and he had posted the same identical article to other newsgroups in the "alt.support.*" hierarchy.

A few readers were suspicious. I reported him to the postmaster@dejanews.com, the site where the article was posted. Dejanews told me he had been warned not to do it again. (I still don't know whether it was the SPAM or the subterfuge they objected to.)

Anyhow, Dameron came clean a few days later. Here is the first paragraph of his retraction:

"This is David Dameron posting to let everyone know that I have been conducting an experiment on the Internet. I was the person who posted the message regarding raising money for my daughter who was in need of a liver transplant. Well, the story was a complete fabrication on my part and was used only to raise the issue of fraudulent fundraising on the Internet."

In the rest of the article he says he is a free-lance writer, that he was planning to write an article on fraudulent ads on the Internet, that he was going to return the cheques of anyone who fell for his story, with an admonition not to be so gullible in future, and that he advised his local police department of his plan.

This is not the first fund-raising attempt I have seen in which the perpetrator later claimed it was an "experiment". The first one was a few years ago. The perpetrator of that one was an undergrad. I'll spare you the details. I was suspicious, and asked him some tough questions via e-mail.
When he admitted to me that it was an "experiment" in measuring the generosity and credulity of the internet I decided to report him to the system administrators of the University's computer system, with a suggestion they forward the details of his "experiment" to his faculty adviser and the University's office of human research. It seemed to me that his "experiment" fell short of the ethical requirement that his subjects be able to give prior informed consent.

The risks here? Is it possible that these individuals may have decided to wait to see how many people twigged? If no-one noticed the subtle clues, maybe it is more lucrative to cash the donation cheques than to write the free-lance article?

So far as I am concerned both of these experiments were unethical. Dameron didn't say he advised the Police _prior_ to the experiment. And unless I contact the North Hollywood police department, I wouldn't have any confidence that he did. I certainly don't think the Police should give even tacit approval to this kind of subterfuge.

  [I suppose Dameron's article would be on to be a high-liver? To a first approximation, BEWARE of ALL Internet solicitations. PGN]

------------------------------

Date: Wed, 22 Apr 1998 14:02:46 -0700
From: Li Gong
Subject: Re: 1/3 of Microsoft apps Y2K compliant (Stalzer, RISKS-19.69)

The latest issue of Fortune has an article discussing law suits already filed for Y2K problems. A major argument by the plaintiffs is that although a minor upgrade would solve the compliance issue, the fact that a recent version of software is non-compliant means that it is defective and thus damage must be paid. Many of the already filed cases have been settled out of court, according to the article.

Li Gong, Java Software Division, Sun Microsystems

------------------------------

Date: Fri, 24 Apr 1998 08:47:22 -0800
From: "Rob Slade"
Subject: REVIEW: "Beyond Calculation", Peter J. Denning/Robert M. Metcalf

BKBYDCAL.RVW   980207

"Beyond Calculation", Peter J. Denning/Robert M. Metcalfe, 1997, 0-387-94932-1, U$27.00
%A   Peter J. Denning
%A   Robert M. Metcalfe bob_metcalfe@infoworld.com
%C   175 Fifth Ave., New York, NY  10010
%D   1997
%G   0-387-94932-1
%I   Springer-Verlag
%O   U$27.00 212-460-1500 800-777-4643 wborden@springer-ny.com
%P   313 p.
%T   "Beyond Calculation: The Next Fifty Years of Computing"

Fortune telling is a mug's game. The more so in a rapidly changing field like information technology, where a single technical innovation can advance the work ten years, and a business instigated lawsuit can retard development a like amount. As James Burke points out in the foreword, invention changes life and society in elusive ways that are difficult to observe and almost impossible to predict. However, if anyone can give us a glimpse of what might be ahead, it is the stellar who's who of computing represented by most of the pieces gathered in these pages. It is also worth noting that Denning and Metcalfe have done a superior job in grouping, organizing, and introducing the essays. However, while all of the papers are informed, and many are stimulating, too many of them signally fail to boldly go where computing hasn't already been.

Part one of the book looks to the technical developments that we can reasonably foresee over the next fifty years. Bell and Gray start off in "The Revolution Yet to Happen" with a review of the growth (and shrinkage) of computing hardware based on past trends, which indicates a future of massive numbers of high powered computers per person and a ubiquitous network linking everything. Cerf presents a scenario of what computers will be like "When They're Everywhere" as well. Frankston acknowledges the problems with endlessly projecting current growth trends, but points out that developments outside the information technology field will help us go "Beyond Limits."
If we miss the mark in estimating the future it will probably be because of failing to see the forest of evolution for the trees of specific technologies, or, as Dijkstra puts it, "The Tide, Not the Waves." Hamming also tells us "How to Think About Trends" in considering the progress of computing itself, outside fields, and society at large. Weiser and Brown project a "Coming Age of Calm Technology" from an extension of historical "periods" of computing. These papers are thought provoking, but certain omissions, like the lack of mention of the age of the minicomputer, point out the haste of preparation that went into the book. Other gaps point out the volunteer nature of the book: although all but one of the essays sees great things coming from networking, and although a number of the authors have contributed to networking, none is primarily involved with telecommunications. An advance in routing technology and the assignment of a small section of spectrum to personal computer use would have more impact on computing than any breakthrough that would allow Moore's law to continue beyond 2010.

Part two looks at the topic of human-machine interaction, largely in the broadest interpretation of the concept of machine intelligence, and at the impact that may have upon who we are as human beings. Unlike the network basis of Tapscott's "Growing Up Digital" (cf. BKGRUPDI.RVW), Turkle explores "Growing Up in the Culture of Simulation." Her points are interesting, but not, perhaps, compelling, relying as much on fairy tales as on harder forms of reality. In "Why It's Good That Computers Don't Work Like the Brain," Norman states that machine and human intelligence cannot be compared because they are orthogonal and complementary. He raises a number of interesting questions but, somewhat frustratingly, doesn't address them.
In "The Logic of Dreams," on the other hand, Gelernter proposes that we examine and try to model even more areas of human cognition, even those as seemingly non-mechanical as emotion. Alt generally seems to agree with Norman, and in "End-Running Human Intelligence" he suggests some interesting areas where expert systems may supplant, or at least assist, human experts. Abrahams suggests that difficulty of design as well as societal factors may hinder the computer and robotic target of "A World Without Work." However, his assertion that sex, preaching, art and other activities are strictly limited to human endeavour I find less than compelling in view of fetishists, televangelists, and "Danielle Steel" knock-offs that are acceptable to steadfast fans. (For the purposes of this review, we will not enter into disputes as to whether writings by Danielle Steel constitute art.) In "The Design of Interaction," Winograd traces the history of information technology from computing to communication, from hardware to specific application (in stark contrast to the attempts of an entire generation of computer literacy teachers to explain the computer as a toolbox), and from oddity to personal tool. (My own projection of these trends is to envisage a person surrounded by a host of well informed tutors for any task, but I don't think this is where Winograd goes with it.) In terms of prognostication this section is disappointing since, with the exception of Alt, most of the essays are generally philosophical without much attempt made to project ideas forward.

Business and innovation is the topic of part three, but, again, more of it looks back than forward. Evans' description of IBM as "The Stumbling Titan" may have lessons to suggest, but it doesn't say where the next decade will lead, let alone fifty years. In "The Leaders of the Future" Flores traces the movement from computing to communications, and then extends it to articulation of business vision.
His extension, however, is little more than an assertion without analysis of how advances in technology will make this possible. Data security is under increasing attack from "ease of use" in technology. Druffel's look at "Information Warfare" shows that the current situation is pretty deplorable but it doesn't go much beyond that. A staple of the cyberpunk genre is the rise of the corporation beyond the state. Mowshowitz does visit this future in "Virtual Feudalism" but doesn't try to test it against the virtual corporations mentioned elsewhere. Chamberlin's vision of "Sharing Our Planet" raises interesting and fairly convincing points about the fact of evolution in software, but his cultural prediction seems to rest mostly on wish fulfillment. In "There and Not There," Mitchell and Strimpel's review of telepresence starts out by noting that presence costs. Unfortunately, they don't follow up with the obvious corollary: that, due to bandwidth, high fidelity telepresence is going to have a cost as well. Tsichritzis tells us that "The Dynamics of Innovation" have to change, but his proposal seems to be merely a restating of the old battle between basic research and technical development. Similarly, Denning's exposition of "How We Will Learn" is a market forces based view of the time-hallowed spat between universities and technical institutes, vocational schools, or even guild halls.

To a certain extent, I feel a lack of imagination in these writings. There is discussion of networking, but not distributed processing, as an extension of parallel processing, or Fred Cohen's proposed viral computing environment, as an extension of both. While this hesitation on the part of the authors may be disappointing, at least the material is a great deal more thoughtful and thought provoking than too many of the blue sky visions of the road ahead.

copyright Robert M. Slade, 1998   BKBYDCAL.RVW   980207

------------------------------

Date: 31 Mar 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information]
   .MIL users should contact (Dennis Rears).
   .UK users should contact .

=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
   http://www.CSL.sri.com/risksinfo.html
   ftp://www.CSL.sri.com/pub/risks.info
   The full info file will appear now and then in future issues.
   *** All contributors are assumed to have read the full info file for guidelines. ***

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.

=> ARCHIVES are available: ftp://ftp.sri.com/risks or
   ftp ftp.sri.com
   login anonymous
   [YourNetAddress]
   cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 18" for volume 18]
   or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
   The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners:
   get illustrative.PS

------------------------------

End of RISKS-FORUM Digest 19.70
************************