Subject: RISKS DIGEST 13.33
REPLY-TO:
[email protected]
RISKS-LIST: RISKS-FORUM Digest Thursday 2 April 1992 Volume 13 : Issue 33
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
William Gibson, An (On-Line) Book of the Dead (PGN)
NSA and cryptographic software (PGN)
US Navy radar jammers pass test despite software errors (Jay Brown)
SDI (from Newsweek) (John Sloan)
A remarkably stupid design decision (Geoff Kuenning)
Risk of "parameter validation" hype (Mark Jackson)
Re: FBI v. digital phones (Daniel B. Dobkin)
Re: Laws to Ease Wiretapping (A. Padgett Peterson)
Re: Aviation Software Certification (Brian Randell)
WAR GAMES II (Eric S. Raymond)
The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to
[email protected], with relevant, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks. REQUESTS please to
[email protected].
Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------
Date: Thu, 2 Apr 92 9:08:13 PST
From: "Peter G. Neumann" <
[email protected]>
Subject: William Gibson, An (On-Line) Book of the Dead
William Gibson, well known for his "Neuromancer" (which in 1986 anticipated
what is today known as virtual reality), has a new book, "Agrippa (A Book of
the Dead)" that apparently will be available ONLY in computer-diskette form,
according to Entertainment Weekly.
As reported in the San Francisco Chronicle (31 Mar 1992, p.D3), "Gibson plans
to infect the disk with a virus that will make it impossible to transfer the
text to paper."
This supposed "virus" (more like a logic bomb or a confinement lock?) will
undoubtably present an interesting challenge to MSDOS crackers, antiviralists,
virtual realists, and foreign ripoffs. If it were to run on Unix, where you
can external to the program trivially pipe the output to a file, at least the
text would be easy to capture. However, perhaps this is really a situation in
which it is the graphical screen image that is relevant rather than the words.
Digitized sound would also make it hard to transfer to paper.
There is also the likelihood that a succession of home-grown purgated editions
might appear, with incremental changes in the dialogue, visuals, and plot line.
You don't like the ending? You want pornographic augmentations? Roll your own
modifications! Tinkering is generally easier than creating in the first place.
So, the book also needs some sort of integrity lock (checksum or crypto seal
[is a sea-lion a cryptoseal?]) to provide tamper detection; however, many such
schemes can be defeated by careful modifications that continue to satisfy the
check. But, if Gibson has come up with an interactive, interpretively
developed book that creates its own virtual reality on the screen, that could
be quite an exciting development.
[Note: It is important not to confuse the SF Chronicle noted above with
the other publication with the same handle, the Science Fiction Chronicle,
although sometimes it is hard to tell the difference.]
------------------------------
Date: Thu, 2 Apr 92 9:23:37 PST
From: "Peter G. Neumann" <
[email protected]>
Subject: NSA and cryptographic software
The NSA and the Software Publishers' Association appear to have reached an
agreement that would allow some exports of cryptographic software, as long as
the keys are constrained to be sufficiently short. The net effect is a slight
but potentially useful improvement over what was previously exportable.
[Source: An article, NSA May Loosen Curbs on Software Sales Abroad, by Don
Clark, Chronicle Staff Writer, San Francisco Chronicle, 24 Mar 1992, p.C1]
Now that NSA and RSA have come a little closer, we need to bring in BSA (the
Boy Scouts of America). Be prepared! Imagine, a merit badge for cryptography?
[For some background on RSA, see Burt Kaliski's contribution on the free (to
noncommercial users) RSAREF privacy-enhanced mail toolkit, RISKS-13.22.]
------------------------------
Date: Thu, 2 Apr 92 08:02:29 CST
From:
[email protected] (Jay Brown)
Subject: US Navy radar jammers pass test despite software errors
There was a report last week on CNN Headline News about the US Navy improperly
certifying radar jamming equipment for Navy jets (I think the F-14 and the
F/A-18 were mentioned). According to the report, the Navy tested and certified
these jammers despite the fact that the equipment failed several tests or did
not meet all the criteria for certification. As a consequence, some
congressional subcommittee or another was investigating the Navy's
certification procedures. The Navy's excuse for certifying these systems
despite the failed tests was to blame the failures on software errors,
according to the report.
The report did not mention who manufactured the radar jammers or who wrote the
software in question.
-- John L. Brown,
[email protected]
------------------------------
Date: Sat, 28 Mar 92 12:16:32 MST
From:
[email protected] (John Sloan)
Subject: Newsweek, March 23,1992, on SDI
The March 23, 1992 edition of _Newsweek_ features an article critical
of research related to the Strategic Defense Initiative. The article
is titled "Safety Net Full of Holes" (pp. 56-59), written by Sharon
Begley and Daniel Glick. It contains this reassuring passage:
"[The] Pentagon disagrees that deploying a space-
and ground-based defense system poses significant
technical challenges. The complexity of the software
required to coordinate Star Wars, for instance, is no
more daunting than programs that control nuclear
reactors, it says."
Now we can all breath a sigh of relief. [ All typos are mine. ]
John Sloan, NCAR/SCD,
[email protected]
------------------------------
Date: Thu, 2 Apr 92 03:03:19 PST
From:
[email protected] (Geoff Kuenning)
Subject: A remarkably stupid design decision
I just had to pass this one on because it was so funny/sad. A client told me
today of a consultant who designed a menu-driven system to be used by
accountants for financial purposes. Needing a special character to signify
"return to main menu", he chose one that "nobody uses" (his words). The
character? The dollar sign!
Needless to say, on the first day the software was installed, my
client got a frantic call. "Every time I try to enter a dollar
amount, it pops me back to the menu!"
Sigh. Geoff Kuenning
[email protected] uunet!desint!geoff
------------------------------
Date: Thu, 2 Apr 1992 06:15:04 PST
From:
[email protected] (Mark Jackson)
Subject: Risk of "parameter validation" hype
So Microsoft is touting "parameter validation" as a bold new innovation. You
forgot to cite the obvious Risk: someone's inevitable attempt to *patent*
parameter validation. . .
------------------------------
Date: Thu, 2 Apr 92 10:13:21 EST
From: "Daniel B. Dobkin" <
[email protected]>
Subject: Re: FBI v. digital phones (Kantor, RISKS 13.32)
Brian Kantor notes that a monitoring capability is an essential diagnostic
element of any telephone switch, digital or analog. He suggests that the only
purpose conceivable for a law such as the FBI proposes is to enable wiretaps
without Telco cooperation; this in turn is most likely to occur when the FBI
doesn't have a proper warrant, either. Hence, "[W]hat they are asking for is
the ability to make warrantless taps."
In fairness to the FBI, there are other possibilities, such as when a Telco
employee is himself the subject of an investigation. Not much, I agree, but
let's try to assume that the Bureau's motivation is pure, even if its proposed
implementation isn't.
------------------------------
Date: Wed, 1 Apr 92 22:37:48 -0500
From:
[email protected] (A. Padgett Peterson)
Subject: Laws to Ease Wiretapping
This makes the second time in recent months we have heard of government
initiatives to make wiretapping of data traffic easier. Interestinly, there
are a couple of companies currently working on devices (and must admit I have
been prodding them for a couple of years) that should make it an order of
magnitude more difficult:
For some time now, I have been concerned about tapping, particularly when
performing my daily security duties while at conferences. Currently I rely on a
"smart card" or dynamic access device for one-time passwords to avoid spoofing.
About two years ago the following thought crossed my mind:
Years ago when maintaining KY-26 cryptographic equipment,
(my AFSC was 306mop0) brave souls used to bring up encrypted channels
"blind" to minimise time away from the poker game. Instead of changing
the transmit side first and using the receive side to verify reception,
we used to change both sides at once by taking a pre-established count
to go "bravo india" and create a synchronized duplex connection. If we
could communicate, we would know that it had worked (what was done if
it did not is not disclosable but involved the butt end of a large
screwdriver).
Similarly, a couple of years ago I was talking to one of the major vendors
of "dynamic access control devices" about use to provide full encryption of all
traffic. Currently, the way such a system works is that when a login occurs,
the host sends out a multi-digit "challenge". In my case, I enter the
challenge followed by a PIN into a card which then calculates a reply. I send
back the reply as a password that lets me into the system.
What I postulated was that instead of sending the reply back to the
host, it be fed into my laptop as the seed for encryption. The laptop
then sends a "bravo india" to the host telling it to start encryption.
Since the host knows what the reply should be, it uses that as its own
seed. If both sides are then able to communicate, they authenticate each
other simultaneously while providing full encryption of all following
traffic.
One of the major problems was loss of synch from line noise, but the
current crop of error-correcting modems has made such encryption not only
feasible but also easy and at whatever level (DES, RSA, ...) is desired.
------------------------------
Date: Mon, 30 Mar 92 12:56:51 BST
From:
[email protected]
Subject: Re: Aviation Software Certification
Last month I sent to RISKs a copy of an article that appeared in the (UK)
Computer Weekly on 6 February which carried the headline "Experts warned CAA
before Airbus disaster". Attached is a letter, from the experts concerned,
complaining at this article. This letter was I understand published by Computer
Weekly on February 13, and has just been drawn to my attention. Despite the
delay, I suggest that it be included in RISKs, in view of the comments it makes
on the original article.
Brian Randell
-----------
AIRBUS SOFTWARE IN THE CLEAR
We are the three BCS "software experts" who visited the CAA in January to
discuss the new draft standard for software in aircraft systems D0-178B.
We believe that it is misleading that you linked our technical visit to the CAA
to the subsequent A320 Airbus crash. There is no evidence of any fault in any
safety-critical software on the A320 Airbus crash. It is too early to know the
causes of the crash and irresponsible to imply that we were in any way trying
to "warn the CAA" about the A320.
Our concerns about the draft D0-178B are technical and relate to its inadequacy
as a basis for objective certification of the reliability of software in
airborne systems. All modern passenger aircraft contain safety-critical
software and our comments to the CAA did not relate to any specific aircraft.
The CAA received our comments constructively and readily agreed to pass each
criticism to the international team which is reviewing the draft standard.
Bev Littlewood, Martyn Thomas, Brian Wichmannn
Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK
EMAIL =
[email protected] PHONE = +44 91 222 7923
FAX = +44 91 222 8232
------------------------------
Date: 2 Apr 92 02:34:52 GMT
From:
[email protected] (Eric S. Raymond)
Subject: WAR GAMES II
WAR GAMES II
or
How I Learned To Start Worrying and Hate The Bomb
[posted to comp.risks; an incomplete version previously went to other groups]
Some of my friends call me an `improbability vortex' --- the kind of person
weird stuff just naturally happens around. Occasionally I manage to to forget
why; my life doesn't seem bizarre to *me*. Then, something happens to remind
me...
Wednesday, March 25 1992: a fairly ordinary day in the life of Eric Raymond,
Boy Hacker. Shower, read netnews, phone calls, some revision on the clone
hardware buyer's guide I've been working on for comp.unix.sysv386. Will the
top ten vendors go for my idea of a competitive "UNIX Dream Machines Bake-Off"?
Hmm...well, Swan Tech wants to sign up, that's a start. Ah, the mail's in.
Riffle, riffle. What's this? Forwarded from MIT Press. Something about
the book, no doubt...
The Book: if you don't know it already, I edited a lexicon called
_The_New_Hacker's_Dictionary_ (MIT Press, 1991, ISBN 0-262-68069-6). It's
all about hacker language and folklore. Sold 14,000 copies in its first
seven months, got rave reviews everywhere, good stuff like that. Got my
first nut-case letter about a month back --- always heard that was supposed
to happen to authors. Some of the fallout has been weird. Ouch, fallout ---
*bad* choice of words. Back to our story.
Hm. From ISPNews. INFOSecurity Product News. Eh? Never heard of them;
sounds like some trade rag for professional paranoids. Computer form on the
inside; addressed to ERIC RAYMOND EDITOR, THE MIT PRESS, MASS INST OF
TECHNOLOGY, CAMBRIDGE MA 02142. I see what happened; the Press's editorial
address miscegenated with my book credit in someone's mailing-list software,
and some clerical droid at the Press didn't look at content and forwarded
a piece of mail that should have stayed in-house.
What we've got here is, oh, yeah, must be a report from the magazine's
bingo card. Reader service; they circle numbers, you get a bunch of product
info requests. OK, who wants to know about my book? Maybe I'll give them
a surprise and answer it myself. They probably all think the book is a how-to
manual for crackers. Damn all journalists for what they did to the word
"hacker", anyhow...
There were four. First one:
DAVID CARGILL SYSTEMS A
GUARDIAN LIFE INS
STE 201
888 SEVENTH AVE
NEW YORK NY 10106
Oh, boring, I thought to myself. Actually he turned out not to be; I spoke
with him, later, and the guy turns out to be an old UNIX hand who, when I
explained what the book is really about, cheerfully expatiated on Cargill's
Theory of Fat Electrons.
See, Con Edison sucks its line current out of the big generators with a pair
of coil taps located near the top of the dynamo. When the normal tap brushes
get dirty, they take 'em off line to clean up, and use special auxilliary
taps on the *bottom* of the coil. Now (sez Cargill) this is a problem,
because when they do that they get not ordinary or `thin' electrons, but the
fat'n'sloppy electrons that are heavier and so settle to the bottom of the
generator. These flow down ordinary wires OK, but when they have to turn a
sharp corner (like in an IC via) they get stuck. This is what causes computer
glitches.
I laughed, said "You sound like a man who wants to hear about {quantum
bogodynamics}" and directed him to the on-line version of the book at prep.
Back to our story...
Next guy...
BRADLEY H EDWARDS SEC SPE
SECURITY-SAFETY
CONSULTS
PO BOX 536
TOPEKA KS 66601
Well, the phone number attached to this one was out of service. Security
Specialist, eh? For sure he's got the cracker/hacker bug on the brain. Then
my eyeballs tripped over the third address
PAMELA D MILLER CHIEF
USSPACE COM
STOP 4
J2C/SS0-C
CHEYENNE MTN AFB CO 80914
and I went into the mental equivalent of TILT TILT TILT. Now, any of you who
ain't congenital idiots raised in a rain barrel somewhere on the butt-end of
nowhere will already have decoded that address to "U.S. Space Command, Cheyenne
Mountain Air Force Base". Yeah, that's right. NORAD; the big tunnel complex
under the mountain from which they be plannin' to fight World War III if it
ever goes down. Huge walls of blinkenlights, 30-foot-thick blast doors,
"We could tell you, sir, but then we'd have to kill you", the whole weird trip.
Cornpone accents with their fingers on the pulse of the Apocalypse.
Oh, *man*, I said to myself. I have to talk to this woman. I haven't
forgotten the nationwide media flap after _War_Games_ came out. You remember,
that silly movie where the kid with the voice-controlled IMSAI (snort) cracks
into NORAD's computers and accidentally damn near starts a nuclear war? God
damn; I'll bet the plot of that sucker is seared into the collective psyche of
every security officer at Cheyenne Mountain, they probably screen the video
every couple months just to keep the newbies on their toes.
What kind of hideous Federal heat could land on me if PAMELA D MILLER has
hacker/cracker confusion on the brain? I imagine some steel-eyed amazon in a
blue suit exuding grim determination to Nip This Menace In The Bud. *Bad*
scene for a guy who is, after all, better known in some circles for practising
witchcraft and stone anarchist-loony politics than for The Book. Yiiiii ...
visions of sinister limos and Men In Black pulling up to my front porch. "We
want to ask you a few questions, sir." So I called my editor Terri and Guy
Steele (credited coauthor) and told them all the proceedings so far. Nervous
laughter all around. Lugubrious jokes.
I need to convince this woman and her unknown masters that I'm a *harmless*
lunatic. Time to track PAMELA D to her lair. (Yes. Think of her that way,
Pamela D., like one of those impossible anonymous synthetic blondes in an
upscale skin magazine. "Well, I'm into sailing Sunfishes and I really like
kids, you know?". Good. A *much* less threatening mental tableau.) I limber
up my phoning fingers and call the number blazoned above her address.
<click> <sputter> "NORAD operator ten. What extension?"
Gulp. "Uh, I'm trying to reach Pamela D. Miller? I got a product
information query from her."
"Do you have an extension, sir?"
"Um, no I don't. Just this number. And her address." I reel it off.
"Try the base locator at Peterson, sir. 554-4020."
"Thanks", I said, and hung up."
Ohhh-kay. NORAD for sure. Hail Eris! PAMELA D's hanging out somewhere
under a couple of cubic miles of rock, likely in some cramped little office
with 1950s-era furniture and walls painted institutional puke-green. And an
old-style black phone. (How long has it been since you've seen a black phone?)
(Trust me, this is what the military version of bureaucratic rabbit warrens
looks like.) Or maybe at some gleaming console watching telemetry from all
those KH-11s we're supposed to pretend don't exist. Hah. Heads up, Pammy;
constructive chaos is about to enter your life. All hail Discordia!
This is about where things started to get really Kafkaesque. The base
locator is their directory information desk. I ask for Pamela D. Miller's
extension and get 3247 (remember that number). I call it. Some guy who sounds
exactly like Andy Griffith answers: "<something unintelligible> Morrow", I
say I'm looking for Pamela D. Miller and he says "You want 3427".
O.K. I call 3427. Busy signal. Bummer. The thrill of the hunt having
took hold, I feel rather frustrated. I go off and do other things for fifteen
minutes or so --- polishing the draft rules for the Dream Machines Bake-Off.
I call again. Busy signal. Bummer again.
Lunch, some code-bashing, and about six or seven cycles of this later I
begin to suspect evil things. Either this woman spends more continuous time on
the phone than your average Hollywood lawyer or I've got a wrong number. Or
she doesn't actually exist. In your typical government agency she could have
died with the phoneset in her hand in 1974 and nobody'd have got around to
noticing it was off the hook yet. On the other hand, *somebody* had to fill
out that product-bingo card.
On my next try, when the operator says "Busy, sir." I explain that the
number's been continuously so for several hours, and this seems unlikely.
"I'll check for an alternate. <pause> Try 3052."
Right. No one answers at 3052. I hang up and answer some email. I try
again. No answer. Again, fifteen minutes later. No answer. Oy vey. Isn't
this where I got on?
So I try 3247 (the *original* number) again. Busy. Foo. I call the base
locator people again and explain that there appears to be some confusion in
the air. Is it 3247 or 3427? And what's with this 3052 jazz?
"I have 3247 listed, sir. I'll double-check. <pause> It says 3427 on
her card." Silence.
"Well, which is it?" I say.
"3427. But it says 3247 on the roster."
"Well", I say with enormous gentleness, "don't you think you ought to
consider *fixing* it?"
The silence of blank incomprehension on the other end. Never ask a droid
to exceed its programming; it wastes your time and annoys the droid.
I hang up. And try 3427 again. Busy...
A few cycles later I conclude this isn't working; it's time to drop back
and punt. I consider everything I know about bureaucracies, call the locator
people and confidently ask for the US Space Command main administration number.
"Um, there doesn't seem to be one, sir. Oh, wait, you can try this one."
She gives out with a string of numbers.
"Can you transfer me?"
"Stand by." (...only in the military)
<click>
"AF Space Command."
I go into my spiel about PAMELA D. and her inquiry and her address.
"Uh, that's a Cheyenne Mountain address. Can't help you with that."
"Um", I said, "this *is* US Space Command?"
"No sir, this is AF Space Command. Separate organization. We're on the
base; they're under the mountain."
"Two *separate* Space Commands?" I said. "Why two?"
I can't tell you what he said, because I didn't understand the resulting
freshet of bureaucratese. A couple of requests for clarification just got
me in deeper. I caught something about "functional separation" and strings
of building numbers about as intelligible as so many Egyptian hieroglyphs.
Struggling my way out of this verbal morass, I said, "Well, where do
I go from here?"
"Lemme see if I can send you over to someone that'll help", he says,
and gives me another number.
It's mid-afternoon now and I'm starting to lose it. Fifteen hundred miles
from these people and I feel as thoroughly trapped in their maze as though I
was physically under that bloody mountain. Theseus with no Ariadne and a
nuclear-security Minotaur lurking around the next bend. (I like my mixed
metaphors shaken, not stirred, thank you.) PAMELA D, where are you?
But I call this guy's number and get the most human-sounding voice yet.
"Base information", it says. Young, female, black, rather pretty if that lilt
isn't out of sync with her looks. Quite a change from the depersonalized
midwestern/southern whitebread twangs I've been hearing. She listens
sympathetically as I recount my tale of woe.
"Well, let's see what I can do for you." <pause> "That's strange.
I have no listing for a Pamela Miller."
If there were any justice in the world there'd have been eerie, sinister
music on the soundtrack just then. Slowly building towards the Moment of
Discovery. Wait for it. At the time, a slight but definite premonitory
chill ran down my spine.
"Well. Does this mail code mean anything to you? J2C/SSO-C?"
"Yes sir, it means she's in J2 section."
"O.K., what does J2 do? What does that say about her job?"
Long pause. "She's in intel, sir."
Jangling chords and screaming brass from the unseen orchestra. Oh, *great*.
All the paranoid fantasies that'd been slowly graying out as I threaded my way
through the labyrinth sprang back to full and colorful life. The
*intelligence* group. Better and better. I thought about buzzing Guy and
asking him if he was on good terms with any of his overseas relatives.
"A spook!" I said, and laughed rather hollowly. "No wonder I've had trouble
reaching her. What do I try next?"
Perhaps ominously, the woman did not elect to contradict my choice of
terms. "I'll see if I can reach anyone at J2 who knows her", she said. Long
pause. Long, long pause. Background noises; people coughing, murmured
speech, file doors banging.
Finally, anticlimax. "I found her. That's 2nd Lt. Miller, sir; I don't know
why she'd have "CHIEF" after her name. Her extension is 3433, but she's on
detached duty and won't be back till Monday."
And there you have it. It's 2:39 the following morning and I look like
an out-take from the "Nightfly" cover --- but if I disappear mysteriously,
y'all will *know* where to start.
TO BE CONTINUED...
(Interlude, Friday morning. My father reads an uploaded version of the above
and asks if I intend to post it. Upon learning that I already have, he soberly
advises against offending the entire U.S. Air Force. "After all," he observes,
"they could drop a smart bomb down your chimney." Gee. Thanks, Dad.)
Monday morning, March 30th: Once more into the breach --- and Pamela D. Miller
is real! Got her first time. Neither amazon nor bimbo, of course, but a
bright and generous-minded lady with a sense of humor. And a *1st* lieutenant
now. She turns out to be (no less) chief of computer security at NORAD; and
(mirabile dictu) she *knows* the difference between a hacker and a cracker.
*Vast* sigh of relief --- no snatch teams in my future and I can unstop my
chimney now.
She was hip enough to laugh when I told her something of my travails last
Wednesday, laugh harder when I told her the title of this posting, and
hardest when I volunteered to autograph her copy of TNHD with an inscription
reading "I will not start World War III. I will not start World War III.
I will not start World War III...."
She's not allowed to have a direct phone line, much less an Internet address
(think about it) so this mini-epic is going to have to go to her by snail-mail.
But I've been invited to tour NORAD and (yes, it is possible) visit the War
Room if I'm ever out Colorado way...
---
RISKS moral. Gotta have a RISKS moral for this story. Well, there are a
couple. The trivial one is, watch out for aliasing problems if you ever edit a
book; we've only got one word for several different kinds of `editor', and that
high-level difference may not be visible to computers or the clerical help.
A less trivial one is "Don't be paranoid; it encourages paranoia in others.".
I had fun writing the above; I've always enjoyed the mad-genius-on-speed style
as practised by Robert Anton Wilson, Tom Robbins, Hunter Thompson at. al. ---
but if Lt. Miller were that wiggy or I'd really approached her with The Fear
dripping from my every vocal overtone, things could've got ugly (hah! little
did she suspect that I kept her on the phone only long enough for my insidious
infrasonic acoustic virus to escape from her earpiece and set up *sinister
resonances* in any nearby electronic equipment...)
The least trivial of all is that *human* networking is still our most effective
tool for some important kinds of risk reduction. Mutual trust, when you can
establish it, is the best security. You guess; am I more or less worried now
about the risks inherent in having something like NORAD exist, having got
a little acquainted with Lt. Miller? Are *you* more or less worried after
reading this story? And, which is the real point, does this posting make it
more or *less* likely that someone with the requisite skills would actually
try to crack NORAD?
Eric S. Raymond =
[email protected] (breathing easier in Malvern)
------------------------------
End of RISKS-FORUM Digest 13.33
************************
