RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (10/23/87)
RISKS-LIST: RISKS-FORUM Digest Thursday, 22 October 1987 Volume 5 : Issue 47 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Programmed Trading and the Stock Market Decline (Lt Scott A. Norton) Overload closes Pacific Stock Exchange computers, and other sagas (PGN) BankAmerica Aides Quit; Sources Cite Data System (Jerome H. Saltzer) Air Force explores SDI-like technology (Walt Thode) Who knows where the computer is? (Graeme Hirst) Anonymity (Fred Baube) Re: UNIX Passwords (Richard Outerbridge) CD vs ADP security (Barry Nelson) Civil Disobedience and Computers (Robert Stanley) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:<RISKS>, GET RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97). ---------------------------------------------------------------------- Date: Thu, 22 Oct 87 00:34:10 PDT From: "LT Scott A. Norton, USN" <4526P%NAVPGS.BITNET@wiscvm.wisc.edu> Subject: Programmed Trading and the Stock Market Decline To: Risk List <RISKS@csl.sri.com> An interview on this afternoon's (21 Oct 87) "All Things Considered" with an investment expert named Thomas Tisch [sp?] discussed the impact that programmed stock trading had on last Monday's stock market losses. According to Mr. Tisch, aggressive programmed trading typically is an attempt to take advantage of a difference in prices between different offerings of the same stock. For example, analysts will compare the price of a group of stocks on the NY Stock Exchange with the price of an option on the same stocks on the Chicago exchange. If a sufficiently large disparity exists, the programmed sales will be activated, buying the lower priced package and simultaneously selling the higher priced package. Because the disparities in price are usually small, this strategy requires large purchases, on the order of $25 million. During Monday's decline, trading on index futures was suspended, reducing the impact of this form of programmed trading on the market. In the case of Monday's fall, Mr. Tisch felt that a lot of the volatility the market showed was caused by another kind of programmed trading. Many large institutional investors, such as insurance companies, pension funds, and university endowments, had tried to protect their assets with "portfolio insurance." To protect against their assets being wiped out, these investors had programmed in a bail-out if their portfolio's value dropped too far. This resulted in an automated panic once the market as a whole started to drop. [ I didn't tape previous the broadcast, so I can't give you Mr. Tisch's credentials. All I have is hastily scribbled notes I took during the interview. I did, though get the following item on tape ] On Tuesday, during an address to the National Press Club, Garrison Keillor was asked what effect the market's decline would have on Bob's Bank in Lake Woebegone. Keillor replied, "I think the terrifying thing about this stock market crash is the idea that this could all be going on between computers with human beings hardly involved at all. That these vast banks of computers all over the country, using the phone lines, are battling each other for stocks, and that we have no part in this." LT Scott A. Norton, USN | From Internet, if you need a gateway, use Naval Postgraduate School | 4526p%navpgs.bitnet@jade.berkley.edu Monterey, CA 93943-5018 | or 4526p%navpgs.bitnet@ucscc.ucsc.edu 4526P@NavPGS.BITNET | The WISCVM gateway will close 15 Dec 87. ) ------------------------------ Date: Thu 22 Oct 87 17:49:07-PDT From: Peter G. Neumann <Neumann@KL.SRI.Com> Subject: Overload closes Pacific Stock Exchange computers, and other sagas To: RISKS@KL.SRI.Com On Monday, a number of NASDAQ market makers abandoned their posts while stockholders were trying to bail out. (A good thing? Don't let 'em sell until it goes up again?) Although this was not a computer-caused problem, it kept the computers from handling the relevant trading during the 508-point drop. On Tuesday, computerized trading in stock-index futures and options was temporarily suspended for the first time in history in New York, Chicago, and Kansas City. On Wednesday, the PSE had to shut down its computerized trading system (SCOREX) for about five hours yesterday due to intolerable transmission delays resulting from the avalanche of orders. This was its first complete shutdown since installation in 1979. Volume dropped significantly. (On Monday SCOREX trading was halted in about 5% of the options, due to "technical problems".) [Source: San Francisco Chronicle, 22 October 1987] When a brokerage house loses out on transactions it was not able to make, this is what is known as an ERROR OF COMMISSION! ------------------------------ Date: Thu, 22 Oct 87 08:57:29 EDT To: RISKS FORUM (Peter G. Neumann -- Coordinator) <RISKS@KL.SRI.Com> Subject: BankAmerica Aides Quit; Sources Cite Data System From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU> This morning's (Thursday, October 22) Wall Street Journal, Eastern Edition page 44, contains an article with the above headline, which continues: "Two top BankAmerica Corp. executives quit after being asked to resign . . . in an action related to data processing problems that cost the company an estimated $25 Million. "The two men were held responsible . . . for problems in converting to a new computerized accounting system for the bank's trust department last March. ". . . A bank spokesman said the conversion to a new system, called MasterNet, disrupted data processing records to the extent that BankAmerica is frequently unable to produce or deliver customer statements on a timely basis." The good (?) news is that ". . .the spokesman said . . . 'to the best of our knowledge, no customer information has been lost. . .'" Jerry ------------------------------ From: thode@nprdc.arpa (Walt Thode) Date: 21 October 1987 1426-PDT (Wednesday) To: risks@csl.sri.com Subject: Air Force explores SDI-like technology From the Federal Computer Week (10/19/87) (excerpted, without permission): The Air Force has issued technology assessment contracts to four teams to explore deployment of a multibillion-dollar Air Defense Initiative that could rival SDI for cost, complexity, and possibly for political debate. Issued by the Air Force Electronics Systems Division, the contracts, though slightly less than $1 million each, signal the beginning of a major tri-service effort to protect North America from attack by Soviet bombers or cruise missiles. A central impetus for the ADI research is the effect SDI will have on Soviet strategic planning, according to Air Force officials. The Air Force operates on the assumption that the ongoing progress on SDI has already pushed the Soviets to improve their bomber and cruise missile forces. If this improvement continues, the US will need to deploy ADI even if the threat it is designed to counter is an indirect result of SDI. The ADI system will bear more than a casual resemblance to SDI, according to Pentagon officials. Like SDI, it probably will include numerous space-based sensing platforms, which can see the entire North American continent and which can control air, ground, and space-based interceptors or hypersonic aircraft. ADI will require a complex real-time computerized command and control system to monitor threats coming from every compass quadrant. Like SDI, ADI's command and control system will have to be able to assess these multiple threats and then control widely dispersed defensive systems... John Pike of the Federation of American Scientists, a long-time critic of SDI, said the command and control problems of ADI will be even more complex than SDI. "Airplanes tend to blend into the background, especially when they are flying only a few hundred feet above the ground ... The Soviets are obviously going to have their missiles coming in from the north, but airplanes could come in from any direction." ... Former Defense Secretary James Schlesinger estimated that total costs for ADI could run as high as $50 billion. (The rest of the article discussed contractors/subcontractors and some of the suggestions for methods and timing. One interesting item was the suggestion that airships (lighter than air) are a possible sensor platform alternative.) --Walt Thode (thode@nprdc.arpa) ------------------------------ Date: Wed, 21 Oct 87 12:49:16 EDT From: Graeme Hirst <gh%ai.toronto.edu@RELAY.CS.NET> To: RISKS@csl.sri.com Subject: Who knows where the computer is? Organization: Dept of Computer Science, University of Toronto In RISKS-5.44, Scott Dorsey (kludge@pyr.gatech.edu) writes: > I seem to recall a mention that the Berkeley computer center was >occupied by protesters sometime in the sixties, ... I attended Monash University, Melbourne, Australia, in the 1970s at the height of the student rebellions. The Computer Centre, fearing an imitation of events in the U.S., posted large notices on the doors of the machine room alleging that after the fire alarm bells went off, you had 45 seconds to clear the room before the carbon dioxide came in, the oxygen disappeared, and those remaining died. (This was before the advent of Halon.) It was assumed that the operators were expected to trigger the fire alarm at any sign of a student invasion, though the administration denied this. In RISKS-5.45, Brent Chapman (koala!brent@lll-tis.arpa) writes: >Have there been any cases of terrorist or political attacks on comp centers? Perhaps someone who was there at the time can tell us about the most famous computer centre trashing, that at Sir George Williams in Montreal. >How many of you have no idea where the machines you use are physically located In teaching first year, I always make a point of telling the students what the machine is, where it is, and telling them to have a look at it (through the glass). Reason: I want them to have a mental image of the machine, and to understand clearly that the terminal is not the computer. This is less important than it used to be, but it is still a good idea; many of our freshmen are still complete computer novices (though no longer the majority). Also, knowing the name, power, ability, etc., of many machines will be important for some of the students later on, if they become systems programmers or administrators. It's never too early to start learning that the old ones are Vaxes, the new ones are Suns, the 3/280 is about three times as powerful as the Vax, etc. \\\\ Graeme Hirst University of Toronto Computer Science Department //// utcsri!utai!gh / gh@ai.toronto.edu / 416-978-8747 ------------------------------ To: RISKS@KL.SRI.COM Subject: Anonymity Date: Thu, 22 Oct 87 10:20:07 -0400 From: Fred Baube <fbaube@note.nsf.gov> > > One of the greatest guarantees of privacy is anonymity. The Social Security number is a standard item on many forms where it has no business being. If you find yourself in a situation where they want to know it and they won't settle for not having it, it might be better to switch than fight .. make one up. Disclaimer: not recommended for interest-bearing accounts and other income-generators, or for giving blood. [...] I'm not sure about the current state of affairs here in the States, but about three years ago a fellow in Buffalo was being harassed by the Postal Service for setting up just such a service, where people could get a PO box under a pseudonym. Their excuse was the need to prevent mail fraud, which he said he would always co-operate in the investigation of. For every box the Postal Service wanted to see a real name and a real occupation. When mail pseudonyms are outlawed, only outlaws will have mail pseudonyms. P.S. I presume the Internet has a rule against anonymous messages. ------------------------------ Date: Thu, 22 Oct 87 00:16:39 EDT From: Richard Outerbridge <outer%csri.toronto.edu@RELAY.CS.NET> To: csl.sri!RISKS%ai.toronto.edu@RELAY.CS.NET Subject: Re: UNIX Passwords The eight character limit may have been designed in, but direct mapping into DES keys is no feature. The average entropy of English is about one bit per letter over blocks of eight or more letters; so rather than 56 bits of equivocation the routine assuredly provides eight. Hashing long strings together using CBC or CFB message authentication techniques yields eight byte hex strings in which every last trace of equivocation is present in a 'random' looking pattern. Time for a change of password routines. ------------------------------ Date: Thu, 22 Oct 87 09:21:34 EDT From: Barry Nelson <bnelson@ccb.bbn.com> Subject: CD vs ADP security To: risks@csl.sri.com In RISKS 5.45 (Brent Chapman, Re: Civil Disobedience), several minimal computer physical security mechanisms were listed. Although it may be slightly dated, I have found the FIPS-PUB-31 (Guidelines For Automated Data Processing Physical Security and Risk Management,NBS,1974, 95 pp) to be a good basic reference for the issues needing consideration, including: security analysis, natural disasters, supporting utilities, system reliability, physical protection, internal controls, off-site facilities, contingency planning, security awareness, and internal audit. Of course, there are more recent texts dealing with the same topic, but this is one of the more complete ones I've seen that focuses on computer facilities, control and contingencies. It is axiomatic that organizations will supply only that security that is (a) affordable and (b) justifiable under the circumstances. Someone must take the responsibility to identify the various options available and evaluate the local risks, making a final recommendation to the top management. "This document contains statements of opinion by the author which are not attributable to BBN Communications Corporation or its management." Barry C. Nelson /Senior Systems Engineer / BBN Communications Corporation / 70 Fawcett Street, Cambridge, MA 02238 ------------------------------ To: comp-risks From: Robert Stanley <roberts%cognos%math.waterloo.edu@RELAY.CS.NET> Subject: Civil Disobedience and Computers (Re: RISKS-5.44) Date: 20 Oct 87 16:23:38 GMT Organization: Cognos Inc., Ottawa, Canada A very interesting fictional treatment of Civil Disobedience in a terminally automated society is to be found in John Brunner's novel "The Shockwave Rider" which has achieved the status of a minor classic in the science fiction world. Some very telling points are made, and the subject is explored in considerable depth. However, it also points up the fact that the distinction between CD and criminal activity is not so much a point of law, as the degree of fear/anger triggered in the targetted beureaucracy, which usually has sufficient dollars to overwhelm all but the most visible of protestants. Robert Stanley Cognos Incorporated S-mail: P.O. Box 9707 Voice: (613) 738-1440 (Research: there are 2!) 3755 Riverside Drive FAX: (613) 738-0002 Compuserve: 76174,3024 Ottawa, Ontario uucp: decvax!utzoo!dciem!nrcaer!cognos!roberts CANADA K1G 3Z4 ------------------------------ End of RISKS-FORUM Digest ************************ -------