RISKS@CSL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (11/09/86)
RISKS-LIST: RISKS-FORUM Digest, Sunday, 9 November 1986 Volume 4 : Issue 8
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Brazilian laws require proof of voting. People NEED those cards.
(Scot E. Wilcoxon)
Grassroots sneak attack on NSA (Herb Lin, Matthew P Wiener)
Ethernet Security Risks (Phil Ngai)
Perfection (Herb Lin)
Information replacing knowledge (Daniel G. Rabe)
Word Processors / The Future of English (Stephen Page)
Copyrights; passwords; medical information (Matthew P Wiener)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j. MAXj:
Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)
----------------------------------------------------------------------
From: rutgers!meccts!mecc!sewilco@seismo.CSS.GOV
Date: Sun, 9 Nov 86 01:14:36 EST
Subject: Re: Computer causes chaos in Brazilian Election
Summary: Brazilian laws require proof of voting. People NEED those cards.
To: seismo!csl.sri.com!risks
This situation involving computers is severe due to Brazil's laws, with
which most of the RISKS readers are undoubtedly not familiar.
The "frayed tempers" due to not getting the "essential voting card" in
Brazil are not simply because everyone likes to vote. Everyone MUST vote in
Brazil. Proof of recent voting is one of the required legal documents for
several situations, including simply getting a job. Those missing voting
registration cards are the prerequisite to being able to vote and be a
law-abiding citizen qualified to live a normal life. (My wife is from
Brazil and had to carry those documents.)
> Programmers overlooked that twins are born on the same day to the same
> parents. Consequently, the voting rights of an estimated 70,000 twins
> were cancelled. The Federal Electoral Tribunal in Brasilia is currently
> wading through 140,000 appeals, including the case of a certain Jose
> Francisco, who says all his 14 brothers were baptised with identical
> names.
All this is familiar to analysts and programmers. The voting documents
were formerly handled by humans who modified the processing procedure
as required by common sense and local situations ("Yeah, I know Jose
Francisco. All 14 were here last year, I still have to see 6 of them this
year.") The written procedures are undoubtedly what guided the programmers.
If the implementation schedule was the same for the whole country, it is
little wonder that many exceptions were found at the same time.
Scot E. Wilcoxon Minn Ed Comp Corp {quest,dayton,meccts}!mecc!sewilco
------------------------------
Date: Sat, 8 Nov 1986 09:42 EST
From: LIN@XX.LCS.MIT.EDU
To: weemba@BRAHMS.BERKELEY.EDU (Matthew P Wiener)
Cc: risks@CSL.SRI.COM
Subject: Grassroots sneak attack on NSA
From: weemba at brahms.berkeley.edu (Matthew P Wiener)
Several people have started inserting cute words like
"crypt" or "terror" or "CIA" in their signatures in an attempt to over-
load NSA's automatic grep for cute words in overseas traffic. Consider-
ing the minuteness of the added load, and the likelihood that NSA already
filters out obvious traffic like the net...
That would be inconsistent with the oft-repeated claims that NSA
monitors ALL overseas telephone calls. I have been told (someone pls
confirm or deny?) that voice recognition technology is good enough
that given Crays on an NSA budget, such a feat is possible when you
are looking for certain key words, and that recognition can be done on
a very limited vocabulary independent of speaker.
Comments?
------------------------------
Date: Sat, 8 Nov 86 14:33:51 PST
From: weemba@brahms.berkeley.edu (Matthew P Wiener)
To: lin@xx.lcs.mit.edu
Subject: Re: Grassroots sneak attack on NSA
Cc: risks@csl.sri.com
> Considering ... the likelihood that NSA already
> filters out obvious traffic like the net... [MPW]
>
>That would be inconsistent with the oft-repeated claims that NSA
>monitors ALL overseas telephone calls. [HL]
Of course they intercept the net, but if you were snooping around through
all overseas telephone calls, you too would set some priorities.
>[voice recognition rumor]
Well if that's how they do it, I *hope* they know enough to filter the net!
ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720
------------------------------
Date: Sat, 8 Nov 86 12:49:41 pst
From: lll-crg!amdcad!phil@seismo.CSS.GOV (Phil Ngai)
To: risks@csl.sri.com
Subject: Ethernet Security Risks
Security on an Ethernet is a very tricky business. If you use the Berkeley
rhosts scheme, it is easy to spoof someone else's ip address, although there
is some code in Berkeley Unix that detects when someone is impersonating
you, the message only comes out on the system console. And if the bad guy
makes your machine crash while you are away, no one will be the wiser.
If you ban rhosts and only allow ftp and telnet, you are vulnerable
to people grabbing packets off the Ethernet and getting your password.
Which is worse? Would you rather freeze to death or burn to death?
I don't know if it matters. I think that if security matters, it
would be best not to let machines you don't trust on your Ethernet.
Sun proposed an interesting scheme at the last Usenix. Two machines that
wanted to communicate would use an encrypted timestamp on each packet as
authentication. This assumes, of course, that the two machines have
synchronized their clocks and that they have a common key no one else knows.
(their scheme included a key distribution method which I will not discuss
here) There is also a performance penalty. They did some back of the
envelope calculations showing it would be acceptable in many cases.
Is it unreasonable to put machines you don't trust on another Ethernet,
with a router between your group and them?
Phil Ngai
------------------------------
Date: Tue, 28 Oct 1986 10:48 EST
From: LIN@XX.LCS.MIT.EDU
To: Douglas Humphrey <deh@ENEEVAX.UMD.EDU>
Cc: risks@CSL.SRI.COM, lin@XX.LCS.MIT.EDU
Subject: Perfection
From: Douglas Humphrey <deh at eneevax.umd.edu>
To LIN : In response to a message, you state that none of the anti-SDI
folk ever stated that the software had to be perfect. I have
heard constantly in both the widely read (Washington Post) and
limited (?) distribution industry media (Aviation Leak and
Space Mythology) SDI critics that conte[x]t that it must be perfect
or it is useless. I don't bel[ie]ve this, and I would hope you
don't either, but saying that the whole must be perfect
certainly implies that the parts must be perfect.
Please give a citation. The only place I have ever seen a statement about
required "perfection" came in an article written by James Fletcher, of the
Fletcher Commission, who clearly states that "an enormous and error-free
program" would be required. Fletcher hardly counts as a critic.
[I held this one up hoping for a response... PGN]
I don't deny that you have heard what you say you have heard, but the
only inference I can draw is that neither the Post nor AWAST have
correctly reported the critics' position.
What critics DO say is that you can never know if BMD software will work in
the absence of realistic testing. KNOWING that a program will work properly
without error is a different, and more demanding, condition than whether or
not it *actually* will if put to the test. Moreover, critics do not have
faith that it is possible to predict all of the ways that the Soviets might
attack; we do believe that the Soviets *might* be able to attack in a way
that would result in catastrophic failure.
On the general issue of "perfection", critics believe that the statement of
mission requirements comes from the President of the United States and the
Secretary of Defense, who assert that SDI is a way to protect everybody
against nuclear ballistic missiles. They get funding from Congress on that
claim, and they present it to the American people that way. If they want to
use it for something else, such as improving the ability of the U.S. to
retaliate, then let them say so. Until the proponents admit POLITICALLY
that their goal is infeasible, critics have a responsibility to confront
them with their fallacies. You may acknowledge that their goal is
infeasible, in which case we can argue about what goals are feasible, but
you are not the President. If you want to criticize someone for asserting
perfection, dump on the highest levels of the Administration, because they
are the ones that set the terms of the debate.
[As usual, we tread some fine lines, e.g., among technically motivated
nonpolitical arguments, nontechically motivated political arguments, etc.
Just as we often note that RISKS issues are holistic system issues, it
is risky to try to talk of just the technical arguments in isolation.
Although RISKS seeks to avoid political issues, this one is metapolitical
and is closely intertwined with technological evaluations. PGN]
------------------------------
Date: Sat, 8 Nov 86 14:20 CST
From: <DAN09697%NUACC.BITNET@WISCVM.WISC.EDU> (Daniel G. Rabe)
Subject: Information replacing knowledge
To: risks@csl.sri.com
In RISKS 4.4, Martin Minow makes the point that computerization makes
it easier to substitute quantity for quality in our writing. I would
go one step farther and say that the easy access to information made
possible by computer systems has also degraded our ability (or at least
our desire) to gain and retain knowledge.
The following is excerpted from an essay entitled "Look it up!
Check it out!" by Jacques Barzun in the Autumn 1986 *American Scholar.*
``... the age of ready reference is one in which knowledge inevitably
declines into information. The master of so much packaged stuff needs to
grasp context or meaning much less than his forebears: he can always look
it up. His live memory is otherwise engaged anyway, full of the arbitrary
names, initials, and code numbers essential to carrying on daily life. He
can be vague about the rest: he can always check it out.
``... But what we are experiencing is not the knowledge explosion so often
boasted of; it is a torrent of information, made possible by first reducing
the known to compact form and then bulking it up again -- adding water.
That is why the product so often tastes like dried soup.''
As computer scientists, I think we find it all too easy to divide
and compartmentalize information as we see fit. As I see it, one
of the greatest risks of widespread computing is that we'll all stop
learning. We've got spelling checkers, so why bother learning to
spell? We've got calculators and home computers, so why bother learning
any math? We've got electronic mail and conferencing, so why bother
to learn or practice the art of public speaking? Are we reaching the
point where being an expert simply means having a large computer
database, as opposed to years of learning and knowledge? I don't
think we're there yet, but I fear that our society's heavy emphasis on
"information" and computing might be leading us there.
Daniel G. Rabe
Northwestern University
------------------------------
From: Stephen Page <munnari!uqcspe.oz!sdpage@seismo.CSS.GOV>
Date: Sunday, 9 Nov 1986 14:07-EST
To: risks@csl.sri.com
Subject: Word Processors / The Future of English
The interesting article by Anthony Burgess reproduced in RISKS-4.4 reminded
me that when the first lap-top computers were introduced a few years ago,
some professional writers noticed that their sentences were becoming shorter
and their paragraphs chunkier, as they relied on a 40-column, 8-line display
(e.g.) when composing texts. Has this really been cured by newer
technology? Or is our familiar 80x25 model just as likely to have an
adverse impact on writing style?
------------------------------
Date: Sat, 8 Nov 86 01:16:22 PST
From: weemba@brahms.berkeley.edu (Matthew P Wiener)
To: RISKS@csl.sri.com
Subject: Copyrights; passwords; medical information
> "How Fred lets the fraudsters in" (c) Newspaper Publishing PLC
^^^
Considering the frequency with which we see this half-circled c used as an
ASCII replacement for the genuine circled c, it is obvious that a lot of
people have let their primitive keyboards delude them into a non-copyright.
("Copyright", spelled out, takes longer than "(c)", but it has legal standing.)
> Passwords are particularly vulnerable when they remain unchanged for a long
> time. The chairman of one major company the auditors investigated had kept
> the same password for five years. It was "chairman".
This reminds me of the WWII story in Feynman's book about the hot-shot
military big boss with his fancy-dancy super-safe: the combination was never
changed from the factory original. "The more things change, the more they
stay the same."
>Now, I am being accused of taking confidential information out of the
>hospital in the form of patient records and doctors names! All I had on the
>computer were my notes. The paranoid medical staff is afraid that having
>this information in my "COMPUTER" is dangerous, [...]
>Pretty amazing paranoia, huh? Do people really still fear computers this way?
In this situation, it strikes me as typical computer ignorance. But in
general, the use of a computer as opposed to a legal pad leads to more
security problems. Handwritten notes are both unmistakeable as such and are
naturally limited in content. (I assume this is old hat to RISKers.)
ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720
------------------------------
End of RISKS-FORUM Digest
************************
-------