Mail-From: NEUMANN created at  7-Oct-85 23:58:58
Date: Mon 7 Oct 85 23:58:57-PDT
From: RISKS FORUM    (Peter G. Neumann, Coordinator) <[email protected]>
Subject: RISKS-1.19
Sender: [email protected]
To: [email protected]

RISKS-LIST: RISKS-FORUM Digest  Monday, 7 Oct 1985  Volume 1 : Issue 19

       FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
                Peter G. Neumann, moderator

Contents:
 Emanations and interference in the civil sector (Peter Neumann, Jerry Saltzer)
 Administrivia -- Escaped Mail and Delays (Mark S. Day)
 Computer databases (Andy Mondore)
 Re: Friendly test teams (John Mashey)
 Re: CRTs again, solution to one eye-problem (Brint Cooper)

Summary of Groundrules:
 The RISKS Forum is a moderated digest.  To be distributed, submissions
 should be relevant to the topic, technically sound, objective, in good
 taste, and coherent.  Others will be rejected.  Diversity of viewpoints is
 welcome.  Please try to avoid repetition of earlier discussions.

(Contributions to [email protected], Requests to [email protected])
(FTP Vol 1 : Issue n from SRI-CSL:<RISKS>RISKS-1.n)

----------------------------------------------------------------------

Date: Sun 6 Oct 85 15:16:38-PDT
From: Peter G. Neumann <[email protected]>
Subject: Emanations and interference in the civil sector
To: [email protected]

I have had several queries about risks in the civil sector concerning
electronic emanations from and electronic interference upon computer systems
and networks -- and of course also about what can be done to protect oneself
or one's company.  For example, Martin Lee Schoffstall <schoff%rpi.csnet
@csnet-relay.arpa> wondered along these lines:

       If you were building a hospital from scratch, would you consider
       shielding for your computer room, how many electron volts would
       you shield for, etc.?

       In general I would like some feedback for us civilians...

This subject is generally a technically intricate one, but some guidance is
clearly necessary for the civil sector.  Thus, it seems worthwhile to note
several examples that represent varying degrees of risk to the public.
(Since microprocessor-controlled systems are becoming ubiquitous, related
problems are likely to recur in other guises.  But let us not quibble about
whether THESE examples are sufficiently computer-related.)  The first three
examples involve interference; all but the third involve emanations.

 Transmit: Microwave oven emanations
 Receive:  "Externally reprogrammable" heart pacemaker --  interference;
           pacemaker reset by microwaves to 214 beats per minute
 Result:   Dead patient (See Software Engineering Notes vol 5 no 1 Jan 1980.)

 Transmit: Anti-theft device emanations
 Receive:  Heart pacemaker -- interference
 Result:   Patient OK (See Software Engineering Notes vol 10 no 2 Apr 1985,
           but I have seen nothing more recent.)

 Transmit: Active radar jammer (in speeder's auto)
 Receive:  Police radar receiver
 Result:   In one currently popular device, the jammer simulates a fault
           mode common in the design of many police radar systems.
           (... a program bug or an electronic interface problem?)

 Transmit: Police radar transmitters
 Receive:  Radar signals (received by transmitter, and by targeted autos)
 Result:   With passive detector, driver can avoid arrest.

 Transmit: Microwave telephone transmitters (telephone company)
 Receive:  Capture telephone conversations and data (observer)
 Result:   Compromise

 Transmit: Radiating CRT or keyboard (unsuspecting computer user)
 Receive:  Recreate screen image or typed input remotely (observer)
 Result:   Compromise  (Unclassified technology for doing this has
           recently been described in a European defense magazine.)
           [The RISKS Forum has discussed CRT radiation with respect
           to possible health hazards, so I won't list that again.]

The radar detector and jammer are marginally computer-relevant, and are
included here primarily because they are illustrative of deeper problems --
fielding a computer system and its surrounding environment that can be
defeated in some relatively simple way.  [By the way, this forum does not
endorse or promote illegal activities -- we merely need to point out their
existence.]  (I have not included in this list the garage-door openings and
closings triggered by the orbiting Sputnik, which happened to be on the
right frequency.)

Emanations and interference may be accidental or intentional.  Passive
techniques for detection may require some computing as in the case of
unscrambling multiplexed communications.  Active techniques (e.g., for
intentional jamming) are at this point much less common, but are likely to
present greater risks in the future.  There are all sorts of more or less
relevant laws, but they are probably neither complete enough nor concise
enough.  There are also all sorts of commonly available devices for those
who want to break the laws.

This note is intended to help raise the general level of awareness.  With
pretenses of corporate secrecy being what they are, it would be nice to be
able to assess the real risks.  In the past, many of these risks have seemed
obscure, but that seems to be changing.  Suggestions on how to avoid those
risks are welcome.  (There are of course also nonelectronic forms of
emanations; various penetrations are reported to have begun with information
-- including passwords -- gained by reading the contents of dumpsters.)

The answers to Marty Schoffstall's hospital query, and other such questions,
depend on the perceived risks against which you think you are defending.
For Marty's example, are you trying to provide survival of the hospital
computers and communications against nuclear attack? or something less
serious such as intentional jamming or accidental interference?  Might you
be worried about compromises of privacy resulting from wire-taps and
microwave pickups of computer information?  Each threat suggests a variety
of possible measures or countermeasures.   PGN

------------------------------

Date:  Fri, 4 Oct 85 18:02 EDT
From:  [email protected] <Jerry Saltzer>
Subject: Emanations and interference in the civil sector
To:  Neumann@SRI-CSL [in response to a query]

Concern for Electromagnetic Compatibility is indeed beginning to become an
important design consideration in consumer products.  These days, TV sets
are beginning to clean up their act, but the average FM tuner just can't
cope with being in a substantial RF field.  As consumers start to collect a
walkman, TV, cable converter, FM tuner, stereo amplifier, VCR, CD player,
cordless phone, remote control light switches, microwave oven, and
garage-door opener under one roof, more and more people are becoming aware
of the problems, and discovering that some manufacturers didn't put the
right effort in.

------------------------------

Date: Thu 3 Oct 85 20:07:38-EDT
From: Mark S. Day <[email protected]>
Subject: Administrivia -- Escaped Mail and Delays

[ Excerpted-From: Soft-Eng Digest    Sat,  5 Nov 85    Volume 1 : Issue  34 ]

XX was a victim of Hurricane Gloria; it had multiple head crashes when it
was restarted after the storm.  The heroic efforts of the staff here brought
the machine back to life after a marathon of restoring files, which
unfortunately left the alias for this list in a strange state.  Instead of
going into my mailbox, everything sent to "Soft-Eng" was immediately
redistributed.  Fortunately, only one message got out between the time XX
came up and the time I noticed the problem.  Anyway, sorry for the
difficulties.  No doubt this will now appear in the RISKS mailing list as an
example of an unreliable computer system...

  [SURE.  WHY NOT??!! Recovery and reinitialization are a vital part of
   keeping a system running properly.  How many times have you put in a
   patch or fix only to find that it somehow disappeared, e.g., not
   surviving a crash or not getting propagated back into the source code?
   But in this case you got left in an unsafe state!  PGN]

------------------------------

Date: Sat, 28 Sep 85 16:20:46 EDT
From: Andy_Mondore%[email protected]
To: [email protected]
Subject: Computer databases

One topic I have not seen discussed here is that of computer databases.  I
am Systems Coordinator for the Registrar's Office here so I am in charge of
a fairly large database containing (obviously) student grade and course
information as well as addresses, demographic information, etc.  I'd like to
see a discussion of the risks of having incorrect information in a database,
information being seen or accessed by unauthorized individuals, etc.
Thanks.

   [Ah, yes.  This is a wonderful topic.  The state of the art of database
    management systems that can handle sophisticated privacy/compromise and
    data integrity problems is rather abysmal.  However, the risks of
    people gleaning information by drawing inferences from a database are
    considerable.  For starters, see Dorothy Denning's book, Cryptography
    and Data Security, Addison Wesley, 1982.  As to risks, Software
    Engineering Notes has had a bunch of stories on the effects of misuse
    or misinterpretation of police data.  The Air New Zealand catastrophe
    was an example of what can happen if a change is not propagated
    properly.  As always, contributions are welcome.  PGN]

------------------------------

Date: Sat, 28 Sep 85 22:31:18 pdt
From: mips!mash@glacier (John Mashey)
To: [email protected]
Subject: Re: Friendly test teams

It might be good to ask for pointers to published data on bug histories,
effort levels, robustness in large hardware/software systems.  I suspect
these may be hard to find for SDI-like systems; I couldn't dig up any old
Safeguard info.  Although not in the same class of difficulty, ATT's new #5
ESS switch is fairly complex (300+ engineers).  A good reference is:  H.A.
Bauer, L.M. Croxall, E.A. Davis, "System Test, First-Office Application, and
Early Field Experience", ATT Technical Journal, vol 64, No 6, Part 2
(Jul-Aug 1985), 1503-1522.

------------------------------

Date:     Sun, 6 Oct 85 12:59:18 EDT
From:     Brint Cooper <[email protected]>
To:       [email protected]
cc:       [email protected]
Subject:  Re:  CRTs again, solution to one eye-problem

    [We started out keeping one eye on this problem, but it does not
     want to stay out of sight.  Will this be the last message?  PGN]

A cheaper but similar solution was suggested by my ophthalmologist when I
attained that stage of life wherein my arms are too short.

Since I needed a small, positive correction (about +1.0) in each eye, I
purchased, at his suggestion, "reading glasses" from the local pharmacy for
about $12.00.  Since then, my eyes have worsened a little and I need about
+1.25 to +1.5 diopters for reading.  But this is too strong for the terminal
(an AT&T 5620 with rather small font), so I retained the old +1.0 diopter
lenses for the terminal at work.  At $12.00 each, I can afford to have a
pair at the office, a pair at home, and a pair to carry.

Note:  This won't work if one has astigmatism or if one needs widely
different corrections in each eye.  But ask your doc.  You can buy a lot of
OTC glasses for $200.

Oh yes, it is a small nuisance to switch glasses from terminal lenses to
reading lenses, but one learns quickly to minimize the hassle.

Brint

------------------------------

End of RISKS-FORUM Digest
************************
-------