risks@CSL.SRI.COM (RISKS Forum) (03/14/91)
RISKS-LIST: RISKS-FORUM Digest Wednesday 13 March 1991 Volume 11 : Issue 27 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Incredible backlog of RISKS contributions -- Risks of RISKS again (RISKS) New Utility to Unlock Passwords (Martin Minow) Medical image compromise (Roy Smith) MCI's Computer Said It Is NOT OK (Li Gong) Examinations by Phone (James K. Huggins) Confident Extrapolation of Worst-Case Failures (Anthony E. Siegman) Re: A pulsar repulsed! (Matti Aarnio) EM solution for new buildings - risk solved? (Olivier M.J. Crepin-Leblond) Cellular surveillance (Les Earnest) Cellular phone usage (anonymous, Ed Hall) Secret Service Foils Cellular Phone Fraud (P.J. Karafiol) Telephone risks revisited (W.A. Simon) Re: Apathy and viral spread (Steven King) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Wed, 13 Mar 1991 17:21:44 PST From: RISKS Forum <risks@csl.sri.com> Subject: Incredible backlog of RISKS contributions -- Risks of RISKS again OK, folks, I have never before asked you to slow down in your contributions, and am not about to do so now. Perhaps the evident lag time will help to do that naturally. But the recent volume of mail to RISKS is horrendous -- on droids, dumbing-down, qwertyuiop, EMI (as of 2 March), warranties and free software (as of 28 Feb, with a double-size issue's worth of stuff still backlogged waiting for my immoderation), etc., all under consideration. (And BARFmail is on the increase again, for no apparent reasons, just the usual net flakiness, people moving, host names changing, FROM: addresses TO which I cannot even answer your mail, especially unregistered portions of UUCP, etc.). I was away most of today and noticed that my backlog of UNSEEN NEW messages was over 100, and the backlog of UNSEEN messages was about almost twice that, just over the past few days. Thanks for all your enthusiasm! On an old subject, I get complaints from some of you when I do NOT use draconian pruning shears, because you would like to rely on my moderation to be incisively oriented toward exciting and really interesting material, so that you do not have to wade through the less interesting stuff. But what is interesting to some may not be interesting to others. I also get queries from some of you when your message has not appeared after a while. I know I cannot please everyone, but I'll continue to try to do the best I can. I am currently batching heavy-response items together into self-contained issues, so that if you are bored with the topic you may simply ignore the entire issue. I long ago gave up trying to acknowledge every message. If you really want to make sure a particular message got through or try to wedge it out of the queueueueueueue, please feel free to do so. Otherwise, please just have patience. Thanks. PGN ------------------------------ Date: Tue, 12 Mar 91 08:45:47 PST From: "Martin Minow moved to LJO2-A2, RANGER::MINOW" <minow@bolt.enet.dec.com> Subject: New Utility to Unlock Passwords >From MacWeek, Mar 12, 1991: [edited for space]. "New Visions Limited Partnership last month shipped a new [Macintosh] password- recovery utility called MasterKey. "MasterKey comes in three versions [for WingZ, Excel, and WordPerfect 1.0]. ... MasterKey is intended for use by law-enforcement agencies to access files belonging to drug criminals, embezzlers and terrorists; by companies to access files that disgruntled or terminated employees have locked; and by users to access their own files. "Features ... include the ability to rever passwords from MS-DOS files, [and] an access code to prevent use by unauthorized users...." I rather like the fact that they decided to password-protect their utility: maybe I should write a utility to break their password scheme! Martin Minow minow@ranger.enet.dec.com ------------------------------ Date: Tue, 12 Mar 91 11:56:07 EST From: Roy Smith <roy@alanine.phri.nyu.edu> Subject: Medical image compromise Slightly off the original subject, but I noticed in a recent visit to a hospital that in the public hallway outside of the CAT/MRI scan area were open rack upon open rack of magtapes, no doubt containing images of patients. It struck me that anybody could just pick up a tape and walk off with it. Surely they would not be so sloppy with "official medical records". My guess is that it never really occurred to them that these tapes are part of the medical records, just as surely as the bit of paper charts the doctors scribble in are. -- Roy Smith, Public Health Research Institute 455 First Avenue, New York, NY 10016 roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy [Clearly not an integrity concern, but it could be a privacy concern if some eager journalist stole a tape, or a denial of service concern if the tape goes astray. PGN] ------------------------------ Date: Tue, 12 Mar 91 17:56:09 EST From: li@oracorp.COM (Li Gong) Subject: MCI's Computer Said It Is NOT OK I wanted to subscribe to MCI's three major calling packages: Prime Time, Call Europe, and Call Pacific. I was told by MCI representatives that I couldn't do so because their computer couldn't handle the complicated billing computation. The maximum is two packages per account. Li Gong, ORA Corp, 675 Mass Ave, Cambridge, MA ------------------------------ Date: Wed, 13 Mar 91 11:32:53 EST From: James K. Huggins <huggins@zip.eecs.umich.edu> Subject: Examinations by Phone With the recent discussion on voting-by-phone in RISKS, I thought the following (excerpted) article, taken from "U.: The National College Newspaper" might be of interest to readers. "Test Taking Goes Touch-Tone": Seema Desai, _The_Daily_Pennsylvanian_ (student newspaper of the University of Pennsylvania) At Governors State U., a wrong number can cost students more than a quarter. It can cost them their grade point averages. The small university near Chicago recently adopted a telephone system that lets students take multiple-choice exams over a touch-tone telephone. Donald Fricker, a management professor who spent about two years developing the application, said students call a special number and respond to recorded multiple choice questions by pressing digits on their phones. The system, named Big Mouth, has been in operation since this fall, and four professor currently use it to administer exams. Fricker said more than 100 students in classes ranging from psychology to management have taken exams on the system, adding that most students have responded positively to the new technology. [student and faculty testimonial deleted] Some students and faculty have raised concerns about abuse of the system. Currently, students have to enter their social security number to access the system. Students are on their honor not to cheat, Fricker said. And because students have only five seconds to answer, Scherzinger said cheating is difficult. [quote deleted] In the near future, Big Mouth will have the ability to repeat questions and accept short essay answers. Fricker said he also plans to add more security measures to the system, including offering multiple versions of exams and giving each student a special security code. [...] Despite some of the system's drawbacks, Scherzinger said he thinks it will gain wide acceptance in the academic community. "I personally believe that the system will come to every college within the next 10 years." The RISKS here are abundant: students hiring other students to take their exams for them (a risk that is somewhat minimized by an in-person exam) using their identification number, students deliberately using someone else's Social Security number to flunk the exam for them, and students recording the exam as it is being given in order to distribute copies to their friends. I hope Big Mouth never comes to Michigan. Jim Huggins, Univ. of Michigan (huggins@zip.eecs.umich.edu) [This is getting to be an old-hat topic. But it will recur. PGN] ------------------------------ Date: Tue, 12 Mar 91 11:39:51 PST From: Anthony E. Siegman <siegman@sierra.stanford.edu> Subject: Confident Extrapolation of Worst-Case Failures >From Henry Spencer at U of Toronto Zoology ... > because we must rely on such extrapolation and we already do; > the questions are how best to do such extrapolation and what > form of testing must be done to permit confident extrapolation. Surely it's also very important to assess the magnitude of the damage that could be done by overconfident extrapolation. Failure of a large airliner due to some unanticipated worst-case behavior (e.g., the early Comets) will kill at most a few thousands (in the air and on the ground). (I suppose a really worst-case failure in which an airliner comes down in Yankee stadium could kill several tens of thousands; but one can at least estimate with fair confidence the probability that a falling airline will hit Yankee Stadium.) [Shea, Hey, Willie?] In any event one can accept this level of tragedy and then use it to improve the system. Indeed that's more or less how large-scale civil aviation has made progress. The ``confident extrapolation'' in this instance, based on several decades of experience, is really that unanticipated worst-case behavior probably WILL happen; and one is nonetheless willing to accept this risk. Worst-case failure of a nuclear power plant in Sacramento, California, on the other hand, could render the entire San Francisco Bay Area uninhabitable for generations if not centuries (perhaps I'm exaggerating here, but it's hard to be certain). In any event, an really ``confident extrapolation'' that this worst-case event can't happen may be near to impossible; and past performance (Browns Ferry, Three Mile Island, Chernobyl) may lead one to have doubts about the ability (or wisdom?) of those who put such forth confident extrapolations. This is NOT an anti-nuclear message; I merely wish to make the points that: 1) The conservative confident extrapolation, based on past experience, may be that in most cases a worst case failure IS LIKELY to happen. 2) The most crucial question then is not "Will it happen?", but "Can we live with it, if it does?" (or "when it does"). --AES ------------------------------ Date: Tue, 12 Mar 91 23:35:20 EET From: mea@mea.utu.fi (Matti Aarnio) Subject: Re: A pulsar repulsed! (RISKS-11.25) > The 1989 discovery of an apparent supernova-remnant pulsar, blinking 2000 > times per second, has now been attributed to electrical interference from a > closed-circuit television camera used to operate the telescope in Chile. > [Source: an AP item in the San Francisco Chronicle, 11 Mar 91, p.A8] Interesting that this item has now surfaced thru AP. This was news item on Sky & Telescope magazine a few months back when it was debugged. (Reported around August-90?) What your extract doesn't tell is whether or not SFC mentioned it was a suspected OPTICAL pulsar -- which vanished next night. (No radio pulsar has been detected either.) It is very difficult to measure small but fast variations on very low levels of light intensity. Long lags from news to their appearance in newspapers seem to be common, also time lag and amount of errors correlate positively. Maybe feeding some RISKS to papers like Datamation would help? (I doubt they know what ACM is..) > I suppose it would have been much more obvious had it been blinking at 60 > cycles (or is it 50 in Chile?), although certainly less spectacular. A little > like hearing a loud thumping in a quiet room and discovering it the pulse of > your own heart beat? Or faint ticking at 2Hz, and you start to suspect bugs until you notice your watch... Anyway, it tells that while we use complex systems we must be carefull to spot all possible interference sources before we jump to conclusions. (Aren't we always?) About two weeks ago I saw on national TV news something telling that Australian radio astronomers had spotted an "ET" signal (me: immediate frown), but the way it was told on TV (as their "ending joke"), associated picture material etc., gave me conclusion: this is a red herring, forget it. "Hey, lets tell this joke from Down Under about those Radio Astronomers..." (Maybe 15 seconds total.) Today I went to do some UNIX system maintenance at the University of Turku Astronomy departement. Professor asked if I had heard anything about those Aussies, because local commercial radio wanted to make a program about this ET signal, and to interview some local radio astronomer... Our problem? No word about it from verifiable sources, thus do we dare to dip into USENET to fish out POSSIBLE information about it? (I hope there is information, but I doubt it... Good luck for SETI anyway!) /Matti Aarnio <mea@utu.fi> ------------------------------ Date: Mon, 11 Mar 91 18:07 BST From: "Olivier M.J. Crepin-Leblond" <UMEEB37@vaxa.cc.imperial.ac.uk> Subject: EM solution for new buildings - risk solved? I have read in this month's British Airways Business magazine that Pilkington's, the UK's glass manufacturer has attempted to tackle the problem of electromagnetic spying with a new "shielded" glass. The glass sheets are similar to the ones usually mounted on new sky-scrapers, with a shiny surface. However, this metallic film can be tied to earth, thus providing shielding which stops any electromagnetic radiation from leaving the building. It is therefore impossible to hack inside information from outside by picking-up electromagnetic radiation. Solutions were very costly up to now, with actual physical shielding of the building using metallic plates etc. Olivier M.J. Crepin-Leblond, Comms.Sys., Imperial College, London, UK. disclaimer: I am NOT related to Pilkington Glass or British Airways in any way ! ------------------------------ Date: Wed, 13 Mar 91 13:55:56 -0800 From: les@Gang-of-Four.Stanford.EDU (Les Earnest) Subject: Cellular surveillance I am seeking information on current practices and prospects for the use of cellular telephone systems in surveillance of individuals. 1. Given that the telephone companies have traditionally facilitated the tapping of individual telephones by law enforcement agencies if a court order has been obtained, I would assume that most cellular telephone systems have been instrumented to provide this capability. True? 2. Given that cellular telephone systems must track each individual instrument as it moves between cells (by checking relative signal strengths at cellular receiving stations) and given that phones can be tracked even when they are not in use, it would be a simple task for the cellular computers to record a time log of the movements of any selected phone. Has this capability been included in the software of these systems? 3. By using signal strength information from more than one cellular receiving station it is possible to estimate the location of a given phone more accurately than just which