RISKS-LIST: RISKS-FORUM Digest Friday, 23 October 1987 Volume 5 : Issue 48 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Computer Weather Forecasting (Jonathan Bowen, Robert Stroud) Phone Service Degradation -- and 911 (Scot Wilcoxon) Terrorism (Charles Shub, William Swan, Elliott Frank) More on password security -- clean up your act (Jeremy Cook via McCullough) Consumer Protection Act (Richard S. D'Ippolito) Re: UNIX Passwords (Russ Housley, Richard Outerbridge) Use of Social Security Numbers (James Peterson) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97). ---------------------------------------------------------------------- Date: Fri, 23 Oct 87 18:06:00 BST From: bowen%prg.oxford.ac.uk@NSS.Cs.Ucl.AC.UK To: "RISKS FORUM - Peter G. Neumann -- Coordinator" Subject: Freak winds in southern England From front page of "Computer News", 22 October: ``The Metorological Office will look at the performance of its Control Data Cyber 205 supercomputer as part of its investigation following last week's hurricane-force winds. The office has been criticised for failing to predict the speed and path of the storm. A spokesman for the Metorological Office said that the equipment, including computers, was always under consideration. He added: "The Cyber is not an easy machine to work with but all computers are fallible." Control Data did not comment. The Reading-based [southern England] European Centre for Medium Range Weather Forecasting, which supplies longer range data directly to the Bracknell centre [Met Office, close by], is happy with its Cray X-MP 48 machine. "We originally had a Cray-1 before upgrading to an MP 22 and MP 48 and we are exceedingly happy with our machine. "It gets better and better," said a spokesman.'' My understanding is the main reasons for lack of success in predicting the winds were a) lack of data (the storm came from over the sea -- fairly normal in Britain! -- where there are few weather stations) and b) lack of computing power (and lack of good algorithms?). It has been reported in Britain that (mainland) Europeans were warned not to come to Britain up to 36 hours before the storm (presumably by forecasts from the European Centre mentioned above). It was not made clear as to whether storms were predicted in the English Channel or actually in England. The storm unexpectedly changed direction and increased in ferocity when it struck England. The BBC TV weather forecast (which uses the Met Office) the night before mentioned than someone had rung up to say they had heard a hurricane was heading in our direction, but the weather forecaster assured us it was not. The storm WAS predicted by the Met Office a few hours before it struck, but most people were in bed by this time. England being rather parochial, most radio and TV stations shut up shop at night. Had it occurred during the day, then storm warnings would have been broadcasted. Jonathan Bowen, Programming Research Group, Oxford University ------------------------------ From: Robert Stroud Date: Fri, 23 Oct 87 15:11:56 +0100 To: risks@csl.sri.com Subject: Computer Weather Forecasting The following letter was published in The Independent on Wednesday 21 October. It comes from Norman Lynagh who is the managing director of Noble Denton Weather Services. I have no idea whether he is offically associated with the Meteorological Office but his letter seems to be a clear and accurate statement of what went wrong with the forecasting of last weeks gales. It also contains some interesting insights into the state-of-the-art in weather forecasting. The bottom-line seems to be the familiar GIGO. Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne ARPA robert%cheviot.newcastle@cs.ucl.ac.uk UUCP ..!ukc!cheviot!robert * * * * * * * * * * * * * * * Reproduced without permission from The Independent, Wednesday 21 Oct 87, p. 19 Copyright (c) Newspaper Publishing PLC 1987 Dear Sir, The Met Office has come under a great deal of criticism as a result of its failure to predict the severe storm in SE England last Friday morning. Some of what has been said is accurate but a great deal has been unfair criticism. Despite what has been said by many people, it was not until about 8pm that it was really apparent that something out of the ordinary was developing. Even at that stage it was not at all certain that exceptionally strong winds would hit SE England. It was only an increasing threat. By about 11pm it was certain that a storm of unusual severity would hit the SE. There have been reports from various sources that warning had been given by other meteorological services several days before the event. This is only half true and, in any case, the Met Office was one organisation which did give such a warning. Several of the most powerful meteorological computers, including those at the Met Office in Bracknell and the European Centre for Medium Range Weather Forecasting at Reading, predicted five days in advance that there would be a major storm somewhere in the region of southern England or northern France towards the weekend. In broadscale terms, this prediction continued each day after that, but the state-of-the-art in weather forecasting is such that it was impossible to predict in any detail either the severity of the storm or precisely when it would strike. The depression which caused the storm had existed for several days before it struck in SE England. Indeed, it was giving force 11 winds NE of the Azores two to three days earlier. However, during last Thursday, as it moved quickly NE into the Bay of Biscay, the structure of the depression was far from clear. As Murphy's Law always seems to dictate in such situations, there were very few observations available in the vicinity of the depression and it was very uncertain as to what was exactly happening in Biscay. As mentioned earlier, it was not until Thursday evening that the situation became clear and it became obvious that the SE was going to have a night to remember. Meteorology now uses the most powerful non-military computers in existence but the advances in the quality and quantity of input data have not kept up with the computer technology. No matter how good the computer and the software, it will not do a very good job if it is given inaccurate input data. Summarising all the above, I do not think the Met office can be blamed for failing to give a day or two's warning of a once-in-a-lifetime event. The state-of-the-art of weather forecasting is such that the way this storm developed and the precise detail of its effects could not be forecast more than a few hours in advance. What is more open to close scrutiny is why warnings to the public were not issued until after midnight. I think they could well have been issued three or four hours earlier but that is with the benefit of hindsight and it is really a question which only the Met Office can answer. Yours sincerely, Norman Lynagh, Managing director, Noble Denton Weather Services, London EC1 ------------------------------ Date: 23 Oct 87 09:30:00 CDT (Fri) From: umn-cs!sewilco@datapg.MN.ORG (Scot Wilcoxon) To: meccts!umn-cs!umnd-cs!csl.sri!risks@csl.sri.com Subject: Phone Service Degradation -- and 911 As reported in RISKS 5.46, on October 17th the sale of World Series tickets in Minneapolis, Minnesota, severely affected telephone service throughout the upper midwest. NW Bell estimates about 200,000 calls were attempted to the sale number in the first hour, and a similar load continued for hours. Most telephones in the Twin Cities area had delays (with clicking noises) until a dial tone eventually appeared (20-40 seconds on one of my phones and I stopped measuring at 2 minutes on the other). Phone service was slowed throughout the state and in parts of Iowa, Wisconsin, North and South Dakota. Some incoming long-distance callers to other numbers report no problems. At the customer's request, before the sale Northwestern Bell had set up a temporary choke-type network to restrict the number of calls to the prefix and number from central offices in the area. Despite the restrictions, the sheer volume of calls overwhelmed the network. A NW Bell spokesman says the problem was probably exasperated by customers with automatic redial. Fortunately the sale was not scheduled for a business day. There were interesting differences between this situation and those caused by broadcast prize giveaways. The first was the large quantity of tickets that stretched the demand over several hours, even after the sellout at 11:30 AM. The Minneapolis-St. Paul toll-free calling area is one of the world's largest, but since every successful caller would get rewarded by being able to buy these prized tickets there were many incoming long-distance call attempts. Iowa might have had an interesting situation if St. Louis had attempted the same thing at the same time from the south -- a possibility due to the limited time to sell the tickets. Phone calls for UUCP sites generally failed, since most modems and systems can not detect dial tone. UUCP logs showed 80-85% failure rates during that time. Fortunately, most USENET news transfers in the state are scheduled for times other than the period affected so there was not a large backlog of data trying to flow through most sites. I will be suggesting to the Minnesota Public Utilities Commission that they try to have 911 protected from this kind of problem. I think the way to reduce giving a delayed dial tone to everyone is to try to give greater delays to people trying to dial a number causing an overload. Preferably also give even greater delays to repeat callers or autodialers. Presently the local carrier is required to give equal service to everyone, even if that means giving equally bad service. Scot E. Wilcoxon sewilco@DataPg.MN.ORG {ems,meccts}!datapg!sewilco Data Progress Minneapolis, MN, USA +1 612-825-2607 ------------------------------ Date: Thu, 22 Oct 87 22:07:06 MDT From: Charles Shub To: RISKS@KL.SRI.COM Subject: Terrorism Organization: University of Colorado at Colorado Springs >From: Graeme Hirst (RISKS-5.47) > >In RISKS-5.44, Scott Dorsey (kludge@pyr.gatech.edu) writes: ... >>Have there been any cases of terrorist or political attacks on comp centers? Along about 1970 (around the time of Kent State) there was a bombing at the comp center (and a megabuck fire at the student union) at the University of Kansas. I was on my way to the comp center from my office when the bomb went off, and had it not been for some fortuitous circumstances that delayed me that evening, would have been at a terminal about 15 feet from the explosion when it happened. The computer operators suffered some minor injuries and some permanent hearing losses. Our terminal server was a Datanet 30. The explosion blew the doors off it, but it was still running until the machine was shut down. I could probably tell some war stories about the incident, but this digest is not the proper place for that. If anybody is interested, I'll provide more details on the haziness of my recollections privately. cdash aka cdash@boulder.colorado.edu aka ...hao!boulder!cdash aka ...nbires!boulder!cdash aka (303) 593-3492 ------------------------------ Date: Wed, 21 Oct 87 11:10:20 pdt From: uw-beaver!tikal!sigma!bill@RUTGERS.EDU (WIlliam Swan) To: risks@kl.sri.com Subject: Terrorism (Re: RISKS-5.45) Organization: Summation Inc, Kirkland WA The computer center at U.C. Santa Barbara was taken over by protesters in the spring of '75. Although the computer room was secured behind locked doors it was easy for them to get control - several demonstrators merely lounged in the hall outside until an operator came, then when she unlocked the door to go in one grabbed her and held the door open for the rest. One operator inside shut the machine down immediately. Then the protesters ushered (all?) the operators out, and took over the entire building - taping printouts over all the windows and doors. They threatened to destroy the computer if their demands (more money for radical leftist groups) weren't met. The place was held for several hours (interesting sight: small group of demonstrators just outside the building, group of angry EECS students around *them*) before the police moved in and hauled the demonstrators away. (Another interesting sight: the leaders of the demonstration, very visible throughout the takeover, managed to vanish just before the police reached the building, leaving the rest to be taken away in the paddy-wagons.) The machine was not damaged. Bill Swan sigma!bill ------------------------------ To: comp-risks@ames.arc.nasa.gov From: esf00@amdahl.amdahl.com (Elliott S. Frank) Subject: Re: RISKS DIGEST 5.47 Date: 23 Oct 87 18:21:36 GMT In RISKS-5.45, Brent Chapman (koala!brent@lll-tis.arpa) writes: >Have there been any cases of terrorist or political attacks on comp centers? During the student riots at Columbia (April, '68), the computer center lobby was briefly 'occupied'. The operators prevented access to the machine room, and the center was then closed and locked for the duration of the disturbance. The occupiers (who included physics grad students and others familiar with the computer center and its operation) were aware that the university's corporate data processing was done on a separate system; that having the administration shut down the computer center was as effective and as disruptive to the routines of the university as shutting it down themselves; and, that due to the pricetags of the equipment involved (several million $$), the administrators might act 'irrationally' to protect the equipment. Elliott Frank ...!{hplabs,ames,sun}!amdahl!esf00 (408) 746-6384 or ....!{bnrmtv,drivax,hoptoad}!amdahl!esf00 [the above opinions are strictly mine, if anyone's.] ------------------------------ Date: Fri, 23 Oct 87 9:50:09 PDT From: mccullough.pa@Xerox.COM Originally-From: Jeremy Cook Subject: More on password security -- clean up your act To: RISKS@csl.sri.com from SUN-SPOTS DIGEST Volume 5 : Issue 53 Date: Wed, 14 Oct 87 10:10:38 NOR From: Jeremy Cook Subject: Backup procedure Our systems guy (Tom) came up last Monday evening to backup our Sun. He was new to the job however and didn't know the root password. He phoned Ingolf, but Ingolf didn't know it either so Ingolf, who was meeting Kikki in town, asked Kikki. Kikki phoned in to Tom but the switchboard was closed so the cleaning lady answered. Kikki told the cleaning lady the root password, the cleaning lady went down to Tom and told him and Tom came up to do the backup! -- Jeremy ------------------------------ Date: Thursday, 22 October 1987 13:24:34 EDT From: Richard.S.D'Ippolito@sei.cmu.edu To: risks@csl.sri.com Subject: Consumer Protection Act In RISKS 5.46, there is a discussion by Jonathan Bowen about this Act which states that only a "casual" link is required to be shown between the software product and the injury. I would hope that the correct word is "causal". ------------------------------ Date: 23 Oct 87 07:48:57 PDT (Friday) Subject: Re: UNIX Passwords From: "Russ_Housley.XOSMAR"@Xerox.COM To: RISKS@KL.SRI.COM cc: davy@intrepid.ecn.purdue.EDU In RISKS 5.45, Dave Curry explains the process that is used in UNIX to get from a password to an encrypted password. There are other systems that use similar schemes. For example, Multics also uses the low-order seven bits of each character in the ASCII password as input to a cipher routine. Multics uses these bits as both the key and the data. Dave claims that the truncation of the password to eight characters is not serious. I agree -- if the user knows that only the first eight characters are really being used. When a user enters more that eight characters for the password, UNIX should provide a warning that only the first eight are used. Multics provides such a warning. Is the "modified DES" used by UNIX a one-way hash? Russ Housley, Xerox Special Information Systems, Vista Laboratory ------------------------------ Date: Thu, 22 Oct 87 00:16:39 EDT From: Richard Outerbridge To: csl.sri!RISKS%ai.toronto.edu@RELAY.CS.NET Subject: Re: UNIX Passwords The eight-character limit may have been designed in, but direct mapping into DES keys is no feature. The average entropy of English is about one bit per letter over blocks of eight or more letters; so rather than 56 bits of equivocation the routine assuredly provides eight. Hashing long strings together using CBC or CFB message authentication techniques yields eight byte hex strings in which every last trace of equivocation is present in a 'random' looking pattern. Time for a change of password routines. ------------------------------ Date: Thu, 22 Oct 87 21:41:35 CDT From: James Peterson To: risks@csl.sri.com Subject: Use of Social Security Numbers We know that the new tax law requires a Social Security number for each dependent age 5 or older (if you want to list them as a deduction). Our school district is doing its part to make this easier for parents (and themselves). They are required "to identify students with either a Social Security number or an assigned number." Since many kids may not have an SS number, they have sent home a form to fill out to apply for a number. The school will provide copies of their (the school's) records to SS as part of the application for SS, and the SS cards will be distributed through the school. Of course, the form (that HAS to be returned) includes six options including (1) My child already has a social security number of ___ __ ____ (2) We have already applied; I will notify the school of the number when it arrives, (3) ... There is no option for (7) My child has one and it is not to be used to identify school records. ------------------------------ End of RISKS-FORUM Digest ************************