RISKS-LIST: RISKS-FORUM Digest Monday, 26 October 1987 Volume 5 : Issue 49 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Freak winds in southern England (sufrin, Franklin Anthes) On the Risks of Using Words That Sound Similar (Bruce N. Baker) CD, Terrorism, Stocks (Jim Anderson) The Stock Market Computers and SDI (Bob Berger) (Almost too much of) Password Encryption (Matt Bishop, Mark Brader) Re: Phone Service Degradation -- and 911 (R.M. Richardson) INUSE.COM Program (Chris McDonald) Free phone-calls (E. van Batenburg) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97). ---------------------------------------------------------------------- From: sufrin%prg.oxford.ac.uk@NSS.Cs.Ucl.AC.UK Date: Sat Oct 24 23:56:06 1987 To: RISKS%kl.sri.com.us@NSS.Cs.Ucl.AC.UK Subject: Freak winds in southern England I wonder what the average English resident would have done if there HAD been advanced warning of last week's hurricane? My guess is that the most probable reactions would have been something like: 1. Don't be silly; this is England. 2. Let's take the kids outside and watch. The Oxford Literati would of course have rushed around quoting Bernard Shaw (Pygmalion) to the effect that "In Hereford, Hertford and Hampshire, hurricanes hardly happen". "I must go and tie the roof of my house down, and make sure that my neighbours' chimneys and trees are all secure" comes in way at the bottom of my list of likely reactions, and I can't help asking what the emergency services or the utility companies COULD have done if they had known a few hours earlier (apart from cancelling leave). Perhaps the weather forecasters did us all a favour! There would have been many more casualties if there had been a lot of people outside watching. There may even have been more casualties from panic if the forecasters had known and had made clear what to expect, and where to expect it. Certainly neither the military nor the civilian emergency forces here are prepared for mass evacuations of the kind that might have saved some of the lives that were lost. (They usually claim to be astonished when it snows more than a couple of inches in an evening). Do I hear you ask "what's this got to do with the risks of using computers?" I worked very late at the computing Lab on the eve of the Hurricane, tumbled into bed at about 2:30am, and slept through the whole thing. ------------------------------ Date: Fri, 23 Oct 87 14:50:12 +0200 From: mcvax!geocub!anthes@uunet.UU.NET (Franklin Anthes) To: RISKS@kl.sri.com Subject: Freak winds in southern England Organization: Greco de programmation, Bordeaux France Maybe it was unexpected in the UK, but here in France there were storm warnings on the midday news. They said that a very strong storm was forecast, and sure enough that night some parts of France had 220km/h winds. I know that "la meteorologie nationale" here in France has a Cray for their forecasting. Maybe the UK doesn't have such high-powered computers? Or maybe French weather forecasters are just better:-):-) Frank Anthes-Harper Usenet: ....!ucbvax!decvax!uunet!mcvax!inria!geocub!anthes ------------------------------ Date: Mon 26 Oct 87 09:41:59-PST From: Bruce N. Baker Subject: On the Risks of Using Words That Sound Similar To: Neumann@csl.sri.com In RISKS 5.48, Richard S.D. D'Ippolito points out the substitution of the word "casual" where "causal" was intended. The difference is significant. I see more and more of this type of problem as we become dependent on spelling checkers that accept properly spelled words even though they completely distort the meaning. Words that sound similar and look similar to a secretary are especially a problem. In the same issue, Scot E. Wilcoxon's contribution regarding Phone Service Degradation and 911 uses the word "exasperated" when "exacerbated" was intended. The meaning still comes through, and in a few years, if enough secretaries type the one word when it should have been the other, the two will appear as synonyms, similar to the way "scan" and "skim" have evolved. "Apprise" and "appraise", and "foundering" and "floundering" will soon suffer the same fate. No one seems to understand "affect" vs. "effect" anymore so we might as well list them as alternative spellings of the same word. It might be a bit more dangerous when we equate "enervating" and "invigorating". Not even Webster seems to care about preserving the distinction between "aggravate" and "irritate". Of course, Webster merely reflects the bad usage we impose on our language, and often secretaries merely mirror the bad usage of the writing they receive. So now "terrific" lists just about any context you may wish to give the word. But surprisingly, "livid" does not equate with "angry" in my 1971 version of Webster. Surely, that has been "corrected" by now. "Erstwhile" still does not have "distinguished" as one of its meanings so maybe there is some hope. I guess my point of all of this is that some of us still care about the original intent of words. No, this will not make the transition to the original intent of the framers of the Constitution. As a former professor, I was astounded at how many students were upset by my corrections to their grammar. Often, I heard, "I didn't know we were supposed to proofread our papers," or "I didn't realize this was an English class, I thought it was a course in the business school." How vulnerable I am. I am sure there must be at least 10 errors in word usage and "grammer" here, but that won't "effect" me at all. [I try to fix obvious screwups when possible. There are times (such as today) when I have a very limited window on-line (and 40 backlogged messages -- too many of them on UNIX passwords). This afternoon I had a net connection that would give me only a few echoed characters, sometimes with more than five-minute delays. PLEASE try to edit your own messages more carefully, and don't be surprised when your incoherent contributions are not included. Also, I'm getting a lot of UNIX password stuff that heavily duplicates earlier messages. I can guess that some of you are still getting mail many days late... or just don't like to read. PGN] ------------------------------ Date: Fri, 23 Oct 87 15:08 EDT From: JPAnderson@DOCKMASTER.ARPA Subject: CD, Terrorism, Stocks (Previous 3 RISKS) The last 3 RISKS prompted some responses. Re: "Civil Disobedience" From what I have seen this kind of behavior is not very CIVIL! It is also an example of the debasement of the language (language in the pits) practiced by certain newspapers and even radio and TV stations -- euphemisms to replace (and distort) reality. "Civil Disobedience" is actually at the minimum a misdemeanor called Disturbing the Peace. Unders some circumstances, I would agree with the writer who claimed it was terrorism. Certainly mobs, no matter how well intentioned are not engaged in CIVIL behavior. Often, these little excursions boder on riots. Of course, they are not called any of these things, particularly since newspapers, radios and TV started calling strikes (often illegal, and unauthorized) 'Job Actions'. When I was growing up, most of the 'Job Actions' of Teachers, Civil Servants of various kinds and other employee groups (like the NFL players) were called strikes, or sometimes WILDCAT strikes (meaning they were illegal and/or unsanctioned by the parent organization). So, spare me the "Civil Disobedience", "Job Actions", and while we are at it, "Methodology". Re: Stocks into Bondage It is interesting, considering the volume and panic, that the NYSE computer systems did NOT fail, even though they were sure overloaded, and continued to be a couple of hours late in reporting trades. An 'atta boy" to the designers and implementers of those systems. Cheers, Jim ------------------------------ Date: Sun, 25 Oct 87 20:28:48 EST From: berger@datacube.com (Bob Berger) To: risks@csl.sri.com Subject: The Stock Market Computers and SDI I hope that the experience of a large network of computers doing something unplanned for such as accelerating the crash of the stock market will make the "Decision Makers" stand up and take notice! The network of computers that makes up the stock trading system is much less complicated than what the SDI planners are calling for, yet the stock computers behaved in unexpected ways that were bad for most people involved. In this case it was only that some people lost millions and a major fracture had been put in the stability of Western Society's economic structure..... Bob Berger Datacube Inc. Systems / Software Group 4 Dearborn Rd. Peabody, Ma 01960 VOICE: 617-535-6644; FAX: (617) 535-5643; TWX: (710) 347-0125 UUCP: berger@datacube.COM, rutgers!datacube!berger, ihnp4!datacube!berger {cbosgd,cuae2,mit-eddie}!mirror!datacube!berger [Remember, Jim is talking about the transaction processing and Bob is talking about programmed trading feedback instabilities... PGN] ------------------------------ Date: Sun, 25 Oct 87 10:30:28 EST From: Matt Bishop To: RISKS@KL.SRI.COM Subject: (Almost too much of) Password Encryption A little comment on UNIX password encryption. It may be very redundent. [Yes, it is, but perhaps if people will read it, they will stop submitting suboptimal communications. PGN] In RISKS 5.48, "Russ_Housley.XOSMAR"@Xerox.COM asks if the "modified DES" is a one-way hash. Nope. The modified DES just encrypts the null message (all 0's) with the password as key and maps the result to a 64-character alphabet. That, plus a code indicating which modification is used, is stored on line. When a user logs in the password he supplies is used to repeat this procedure, and the result of that is compared to the (stored) value. If they agree, the password is right and the user is logged in. If not, the password is not correct and the user is not logged in. The modification, incidentally, is to perturb the E table in one of 4096 ways and apply that DES 25 times in succession. (That is, the output of the first is the message for the second, the key being the password in all iterations.) The idea is that the perturbation prevents dictionary searches for a large number of passwords by forcing the password algorithm to be run once for each possible password AND for each already-encrypted password (that is, instead of just encrypting a 25,000 word dictionary and comparing the result against each of 100 encrypted passwords, an attacker has to encrypt the 25,000 word dictionary once for each encrypted password; this is equivalent to 2,500,000 encryptions.) Hence, the time for such a search should be unacceptably high. Matt Bishop bishop%bear.dartmouth.edu@relay.cs.net ...!decvax!dartvax!bear!bishop ------------------------------ Date: Fri, 23 Oct 87 22:49:32 EDT From: msb@sq.com (Mark Brader) To: risks@csl.sri.com Subject: UNIX Passwords > The truncation of UNIX passwords to 8 characters is not a bug, it's a > feature. If you have source, examine the code to libc/gen/crypt.c. > Your password is *not* actually encrypted on UNIX. Rather, it is used > as the *key* to encrypt a standard block of text ... and since DES has 56-bit keys, the password has to be reduced to 8 7-bit characters. True, but taking the *first 8* characters is about the worst method I can think of for reducing a long password to 56 bits! I've never been satisfied with this aspect of UNIX; I want 12 significant characters in my passwords (and all alphabetic, please, so I can type them *fast*). Taking the *last* 8 characters would be a distinct improvement, because it's necessary to pause a moment before entering the password, and people tend to use that moment to reach for the first key or two of the password. Better yet would be to use a simple hashing function to map the long password onto the 56-bit space. Even something as simple as XORing the 1st, 9th, 17th, etc. characters into the first 7 bits, and likewise for the other positions, will ensure that any small change to any part of the password generates an incorrect password. With a space of 72,057,594,037,927,936 hash buckets, it makes no practical difference that there are now many alternate passwords that yield the same 56-bit sequence. (The same technique would also be useful for any banks that come to their senses and allow 12-digit PINs for ATM use -- around here they're all either 4 or 6 as far as I know, and mostly without privacy shields on the keypads -- but which think it's much too much work to change their file format.) It also wouldn't hurt to "personalize" and keep secret the "standard block of text" that is encrypted using the 56-bit key; this would inhibit some kinds of password searching done on a different UNIX machine by someone who gets a copy of the password file (with the "encrypted passwords"). This is best done when the machine is acquired, as it invalidates all existing passwords. Any of the steps described above would make it impossible to simply copy a password file onto, or from, an unmodified UNIX system and use it. Whether this is an advantage or disadvantage depends on the situation. Mark Brader, SoftQuad Inc., Toronto, utzoo!sq!msb, msb@sq.com If ... it seems easier to subvert UNIX systems than most other systems, the impression is a false one. The subversion techniques are the same. It is just that it is often easier to write, install, and use programs on UNIX systems than on most other systems, and that is why the UNIX system was designed in the first place. -- Frederick T. Grampp & Robert H. Morris ------------------------------ Date: 25 Oct 87 21:48:09 PST (Sunday) Subject: Re: Phone Service Degradation -- and 911 To: umn-cs!sewilco@datapg.MN.ORG (Scot Wilcoxon) Cc: RISKS@csl.sri.com, RMRichardson.PA@Xerox.COM From: Rich From: umn-cs!sewilco@datapg.MN.ORG (Scot Wilcoxon) > I will be suggesting to the Minnesota Public Utilities Commission > that they try to have 911 protected from this kind of problem. I > think the way to reduce giving a delayed dial tone to everyone is > to try to give greater delays to people trying to dial a number > causing an overload. Preferably also give even greater delays to > repeat callers or autodialers. Presently the local carrier is > required to give equal service to everyone, even if that means > giving equally bad service. Pardon me, but there seems to be an assumption in here that just isn't true. When you say "... give greater delays to people trying to dial a number causing an overload," you are assuming the telephone exchange knows which number is to be called before it gives a dial tone to the caller. But you see, the dial tone is given so the caller may send the number to be called to the exchange. If the exchange can predict the number to be called, dial tones are unnecessary (along with half the equipment in your phone!). Rich [Hmm... I interpreted the suggestion as delaying the NEXT dial tone. PGN] ------------------------------ Date: Mon, 26 Oct 87 7:56:32 MST From: Chris McDonald STEWS-SD 678-2814 Subject: INUSE.COM Program To: risks@csl.sri.com As a matter of policy we require automatic timeout features on our systems, where feasible, to disconnect inactive terminals. The thinking is that in most cases an "inactive" terminal in our environment denotes that a user has left his or her device unattended. Hopefully the timeout program may save a user from his or her own carelessness and preclude another person from "masquerading". You might expect that not all users are that enthusiastic about the program. On some of our VMS hosts several personnel use a DCL command file generally named INUSE.COM. The program formats the screen to show "Terminal in Use" in theory one must know the password to then gain access to the terminal. At least that was what many users thought! When we finally began to install the Version 4 update of VMS, we found that DEC had implemented a recall function. By entering a Ctrl Y and pressing the up arrow on the terminal a user could recall the last input to the screen. So logically, if the last input was the password, then . . .? We found it rather ironic that users thought they had protected themselves and defeated our automatic timeout program at the same time. The INUSE.COM program can be modified to address the recall function. ------------------------------ Date: Mon, 26 Oct 87 14:35 N From: Subject: Free phone-calls To: Neumann@KL.SRI.Com E.van Batenburg, Instituut v.Theoretische Biologie, Groenhovenstraat 5 2321BT Leiden Holland (tel.071-132298) The Dutch "Personal Computer Magazine" revealed in its september issue how hackers in Holland managed to fool the telephone company and got free phone-calls to everywhere in the world. First they ring 06 which announces to the Dutch telephone computer that a "collect" call is to be dialed. Next they choose a number in Denmark (which one was unfortunately/fortunately, depending on your point of view, not revealed) which let the Danish computer reply to Holland that the call is accepted. Finally they dial their proper destination. The Dutch telephone company reacted rather grumpy to this disclosure. They stated that PCM is stimulating abuse of the telephone. According to them they have no means to correct this on short notice because the Danish computer is at fault and they are waiting for a complete overhaul of the Danish telephone computer. It is not clear who (if anybody) is paying the costs for those calls. Eke van Batenburg ------------------------------ End of RISKS-FORUM Digest ************************