Subject: RISKS DIGEST 14.69
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest  Friday 4 June 1993  Volume 14 : Issue 69

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

 Contents:
Interference from mobile telephones (Erling Kristiansen)
Zapped by the phone? (Richard Wexelblat)
Re: Flight control computers to bypass pilots (Erling Kristiansen)
WANTED: Article describing 10 Biggest Failures of Technology (Richard J Frost)
Cryptic probable cause (Gary Preckshot)
Re: Keypad security risks (Sean Matthews, Michael S. Polymenakos)
Re: Fake ATM Machine Steals PINs (Phil White, Lars Wirzenius, Bob Frankston,
   Grant Grundler)
Re: Cryptography and the Bill of Rights (Robert I. Eachus)
More on the risks of teaching ... (Peter D. Junger)
White House Electronic Mail (Steen Hansen)
Did they have an address for Hillary? (Paul Robinson)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its
Usenet counterpart.  Undigestifiers are available throughout the Internet,
but not from RISKS.  Contributions should be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious.  Diversity is
welcome.  CONTRIBUTIONS to [email protected], with appropriate, substantive
"Subject:" line.  Others may be ignored!  Contributions will not be ACKed.
The load is too great.  **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks.  REQUESTS please to [email protected].

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits).  Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to [email protected]).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 4 Jun 93 09:04:45 +0100
From: [email protected] (Erling Kristiansen)
Subject: Interference from mobile telephones

Communications Week International, 31 May 1993, brings an article under the
headline "Radio Storm Hits GSM", which I paraphrase below.

Handsets for the European digital mobile phone system GSM are reported to
cause interference with hearing aids as well as car electronics (the latter
has been reported in RISKS before).  Tests in Australia, Germany, and the
United States show that the burst transmission mode (TDMA - Time Division
Multiple Access) used for GSM and other digital cellular systems causes
interference with hearing aids as far away as 30 meters. At a range of 3-5
meters, hearing-aid wearers experience a humming noise. In some cases the
noise is painful, according to the report.

Car manufacturers are concerned that GSM handsets may interfere with
electronic devices, including those that control air bags and ABS brakes.

Volkswagen has found interference with several systems, but the article is not
specific about which ones. So has Mercedes.

BMW say they have done tests but found no interference.

The article goes on to discuss the merits of TDMA, as compared to analog and
CDMA systems. The conclusion seems to be that TDMA is more prone to causing
interference due to its rather high-powered burst mode of transmission.

The issue is raised of whether it is up to GSM designers/manufacturers to
solve the problem, or whether the manufacturers of those systems that GSM (and
other digital phone systems) interferes into, have to take measures to protect
themselves against interference. There is no conclusion on this issue, but
various views are presented.

Finally, commercial issues are addressed. Some manufacturers question the
extent of the issue but fear that it may dampen the export of GSM.

Erling Kristiansen, ESTEC              Noordwijk, The Netherlands.

------------------------------

Date: Wed, 2 Jun 93 15:27:42 EDT
From: [email protected] (Richard Wexelblat)
Subject: Zapped by the phone?

June's Spectrum has an article, "The Cellular Phone Scare" subheaded:

       Despite the media hype, not one study has shown a link
       between cellular phones and brain cancer; nonetheless, more
       research is under way.

In spite of a clear anti-danger bias, the article presents a good survey of
work-to-date on the effects of non-ionizing radiation.  (IEEE _Spectrum_, June
1993, 43-47)

------------------------------

Date: Fri, 4 Jun 93 08:37:31 +0100
From: [email protected] (Erling Kristiansen)
Subject: Re: Flight control computers to bypass pilots (RISKS-14.65)

The Independent article says
> Yesterday the first test demonstration of equipment which will allow pilots
> and air traffic controllers to communicate through computers was held.

It is not quite true that this was the first demonstration of such
capabilities. The European Space Agency (ESA), in cooperation with several
organizations and airlines, demonstrated our PRODAT satellite mobile
communication system with, among other features, ATC digital communication,
starting in 1987.

The trials included installations on several aircraft - including the very
same BAC 1-11 quoted in the Independent article. One Airbus 310 was flying the
equipment for more than a year, and ATC experimenters were collecting flight
data on a regular basis, but the system was not actually part of the ATC
operations of this aircraft. One dedicated flight, with a private Jetstream
aircraft, between Madrid and London, was carried out with the PRODAT link as
primary ATC communication channel (and voice as backup) for the part of the
flight taking place in Spanish airspace.

Admittedly, the scope of the PRODAT trials was more limited than that of the
Mode-S. The goal was to demonstrate the feasibility of digital satellite
communication for ATC (and airline) purposes. All equipment was to prototype
standards, and a possible commercialization would have taken place in a second
phase.

The trial system incorporated capabilities for the controller to access flight
data, but not to down (up?)-load data into the aircraft equipment.
Pilot-to-controller messaging was also provided.

The aeronautical part of PRODAT has been discontinued for a variety of reasons
(competing systems, standardization going in other directions). PRODAT still
continues, and is on the verge of commercial deployment for land mobiles - but
that is another story.

The RISK? When the press proclaims a FIRST, do not always believe it.

Erling Kristiansen, ESTEC, European Space Agency, Noordwijk, The Netherlands

------------------------------

Date: Fri, 04 Jun 93 11:12:18 +0900
From: Richard J Frost <[email protected]>
Subject: WANTED: Article describing 10 Biggest Failures of Technology

There was an article published in a computer journal back in the 70's with a
title similar to "The 10 Biggest Failures of Technology". It described
technology failures in America and its effects.

It included the famous blackout of America and other major failures that were
linked with failing technology.

Has anyone heard of it?  Does anyone know where I can get this article?

Please email replies to the address below.  Thanks   [CC RISKS also.  PGN]

Richard Frost, CSIRO, Flinders Joint Research Centre in Information Technology
Adelaide, SOUTH AUSTRALIA           [email protected]  +61 8 201 3651

------------------------------

Date: 4 Jun 1993 10:01:20 U
From: "Gary Preckshot" <[email protected]>
Subject: Cryptic probable cause

Jay Schmidgall writes:
> Ok, I guess I must have skimmed over this part.  Let me see if I understand
> this properly:
>       If I have got more secure crypto gear, probable
>       cause exists that I have committed a crime.

> Hmmm.  Does this include any crypto gear that may have been purchased
> before the corresponding CLIPPER-enabled gear became available?

There was an interesting article in the June 2 Wall Street Journal to the
effect that such a significant proportion of cash in the USA was now
contaminated by cocaine that cocaine contamination was becoming
non-evidentiary.  In Florida, one study found 97% of all bills exhibiting
cocaine contamination.  In Chicago, another study (by a DEA forensic chemist)
found 33% of all bills in circulation had detectable cocaine.

To date, about three Federal courts have ruled that evidence seized because of
dog sniffs or contaminant detection was illegally seized.  It seems unlikely
that any presumption could be attached to using secure crypto gear that the
Government couldn't break because there are many innocent activities and
reasons that people could advance for not wanting the Government or anyone
else reading their mail.  Consequently, a law prohibiting the use of
non-breakable crypto gear seems the only way the Government could declare that
such use was de facto incriminating.  Such a law already exists in precedent.
Ham radio operators are not allowed to use non-standard codes or unrecognized
spoken languages.

------------------------------

Date: Wed, 2 Jun 93 14:48:46 +0200
From: [email protected] (Sean Matthews)
Subject: A keypad security risk

This weekend I was staying with a friend who works in a secure
building, and I went with him one evening so that I could borrow a
computer to read my mail, and things.  This was in the evening, and
there was no-one in the building to let him in, so he had to key in the
pass number on the outside door for the first time in months.

This number is four digits long, and contains a duplicate.  How do I know
this?  Because of the ten buttons on the key pad, seven were covered in dust,
and had clearly not been touched in a long time, and it was easy to see that
he entered four digits (also, four is the number you expect).

Random four-digit passnumbers do not provide exactly high security, but they
do provide some.  When the set of passnumbers is reduced to 36, there is not
even the vestige of security left.

Sean Matthews <[email protected]>  Max-Planck-Institut fuer Informatik
Im Stadtwald, W-6600 Saarbruecken, Germany   phone: +49 681 302 5363
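
Added example, not part of the message above: a count of the passnumbers that remain possible once the worn keys show which digits are in use, generalized from the four-digit, three-key case to any code length. The function names and the sample key labels "1", "2", "3" are assumptions made for illustration.

```python
"""Added example: keyspace left when keypad wear reveals the digits in use."""
from itertools import product
from math import comb, log2


def consistent_codes(code_len: int, worn_keys: int) -> int:
    """Count the code_len-digit sequences that press every worn key at least
    once and no other key (surjections, counted by inclusion-exclusion)."""
    if not 1 <= worn_keys <= code_len:
        return 0  # the wear pattern cannot come from a code of this length
    return sum(
        (-1) ** j * comb(worn_keys, j) * (worn_keys - j) ** code_len
        for j in range(worn_keys + 1)
    )


def brute_force_count(code_len: int, worn) -> int:
    """Cross-check of consistent_codes() by direct enumeration.
    `worn` is any collection of key labels; the values are constructed."""
    keys = set(worn)
    return sum(1 for code in product(keys, repeat=code_len) if set(code) == keys)


def remaining_bits(code_len: int, worn_keys: int) -> float:
    """Entropy, in bits, of a uniformly chosen code consistent with the wear."""
    count = consistent_codes(code_len, worn_keys)
    return log2(count) if count else 0.0


def keyspace_report(code_len: int, keypad_size: int = 10) -> dict:
    """Map each possible number of worn keys to the codes still possible."""
    return {
        k: consistent_codes(code_len, k)
        for k in range(1, min(code_len, keypad_size) + 1)
    }


if __name__ == "__main__":
    full = 10 ** 4
    print(f"unrestricted 4-digit keyspace: {full} ({log2(full):.2f} bits)")
    for k, count in keyspace_report(4).items():
        print(f"{k} worn key(s): {count:3d} codes ({remaining_bits(4, k):.2f} bits)")
    # Constructed key labels, used only to confirm the formula.
    assert brute_force_count(4, "123") == consistent_codes(4, 3)
```

For four digits, a code with one repeated digit leaves more candidates (36) than a code with four distinct digits (24); in both cases the wear pattern removes nearly all of the 10,000 unrestricted codes.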

------------------------------

Date: 31 May 1993 12:33:25 -0400
From: [email protected] (Michael S. Polymenakos)
Subject: Re: Cash machine keypad risk? (Potts, RISKS-14.65)

On a related note, I once approached an ATM that was displaying what was
clearly a diagnostic screen of hexadecimal numbers. There were a few numbers
shown on top (registers?) and 5-6 rows of long hex strings preceded by what
must have been memory addresses. There was no response to the keypad (I
tried). Considering what may have happened to the ATM Card and/or the account
balance of the person who may have been using the machine when this happened,
I decided to look for another bank, rather than risk using the 'sister'
machine in the same branch.

Michael Polymenakos

------------------------------

Date: Wed, 02 Jun 93 22:03:46 PDT
From: Phil White <[email protected]>
Subject: Re: Fake ATM Machine Steals PINs

Another method that might allow you to "authenticate" an ATM machine:

 Enter an incorrect PIN as your first attempt.
 Try a balance query if the ATM seems to accept the bad PIN.

At least at my bank's ATMs, you are given a second chance to enter the
correct PIN after entering the wrong one.  Come to think of it, this
might decrease the odds your PIN will be stolen by someone who
observes you keying in the number.

 Phil White   Tektronix, Beaverton, OR USA :: [email protected]

    [First entering an incorrect password was also noted by
       [email protected] (Michael S. Polymenakos),
       [email protected] (Matt Fichtenbaum),
       [email protected] (Bill Cordan),
       HOLDEN_PHILIP/[email protected] (Philip Holden),
       rmehlman%[email protected] .  THANKS!  PGN]

------------------------------

Date: Sun, 16 May 1993 21:44:10 +0300
From: Lars Wirzenius <[email protected]>
Subject: Re: Fake ATM machines

>[New trick?  This is one of the oldest scams going, but it still recurs. PGN]

In a Swedish novel from 1982, ``Datadyrkarna'' (roughly, `the data
lock-picks', or `the data worshippers') by Jan-Jöran Stenhagen (a pseudonym,
according to back cover), one part of the plot is about the same scheme (but
without giving money).  The crooks set up a fake ATM and had it collect the
PINs.  They did the money collecting part at the end of the month, when most
people had just got their salaries (they are usually paid monthly, not weekly
as I understand is more common in the US), and had a lot of money on their
accounts.

The rest of the book and its sequel contain a lot of other interesting issues
about data safety, and risks of computerization.  The two crooks (the main
characters in the book) start with making their employer go bankrupt (after
she had angered them), continue with the ATM scam, and then attack the social
security system and rob most of the money going through it.

The ISBN is 91-46-14287-8, published by Wahlström & Widstrand.  I don't have
the sequel, although I have read it.  Alas, I doubt either has been translated
to English.

[email protected]  (finger [email protected])

------------------------------

Date: Tue, 1 Jun 1993 18:44 -0400
From: [email protected]
Subject: Re: Fake ATM Machine Steals PINs

The reality is that one cannot be overly careful about ATMs one uses. I use
BayBank in the Boston area. One reason (aside from proximity to MIT over 25
years ago) is that they've got zillions of their own ATMs as well as being on
a number of worldwide ATM networks. It isn't realistic to be paranoid about
every one. The risk of proposing interminable vigilance as a "solution" is
that it doesn't solve the problem and only shifts the blame to the poor user
who has enough to worry about. And by doing so reduces the pressure to
actually solve the problem. In any case, it is worth the $50 exposure (if the
bank really presses the issue) on stolen ATM cards to apply my Type A
inclinations to other sources of worry.

It reminds me that Olmstead (sp?) who created many parks in the 1800's
including Central Park in New York was (supposedly) against placing lights in
them because it would encourage foolish behavior like walking in the parks at
night where one is likely to be mugged.

------------------------------

Date: Wed, 26 May 93 12:26:42 PDT
From: [email protected] (Grant Grundler)
Subject: Re: Fake ATM Machine Steals PINs (Peterson, RISKS-14.60)

How can a user report fraud within 48 hours if the fraud isn't apparent until
an ATM account statement shows up (Normally once a month)?  Do I have to
report fraud within 48 hours after my bank drops my statement in the mail?

I know some of this has been discussed before. This is not a new problem.

Possible Solutions (and my comments):
1) Enable user to verify the ATM is "real".
    (technically feasible? too expensive? How secure? will Banks adopt this?)
2) Use the ATM only at your local bank.
    (Certainly reduces the usefulness of ATM cards)
3) Don't use an ATM - just write personal checks or use credit cards.
    (Risk is transferred to business to verify personal check. Not accepted
     everywhere, not anonymous, or transaction costs store about 2%)
4) Carry more cash?

Grant Grundler                voice: +1.408.366.3583
[email protected]          fax: +1.408.366.3606

  [Similar comments from Rebecca Walpole  [email protected].]

------------------------------

Date: Wed, 2 Jun 93 12:15:01 EDT
From: [email protected] (Robert I. Eachus)
Subject: Cryptography and the Bill of Rights

    "David A. Honig" <[email protected]> wrote:

   >     While this may amuse some, this actually addresses at a
   > profound and often overlooked intent of the 'Founding Fathers'.
   > The People are guaranteed the right to bear arms, not just for
   > personal defense (which was obvious to them), but also because:
   > politicians prefer unarmed peasants.  An unarmed populace is
   > much easier to dominate.  And so is a populace without the
   > ability to have privacy.

   ...and so is a populace without access to reliable news, and to
the opinions of other citizens, and...

   Thomas Jefferson would have been the first to argue that the right of free
speech, and to peaceably assemble are more fundamental and more important than
the right to bear arms.  In fact he did so argue, and that is one of the
reasons that the first and second amendments are in that order.  Modern
cryptography is much more important as a component of free speech than as a
weapon in and of itself.  (But, a free press is a more important weapon than
rifles or cannons, see Tom above.)

   Peter D. Junger makes it clear that restrictions implicit in ITAR
seriously limit the exercise of free speech.  (If a law professor restricts
his speech, in particular what he feels free to discuss in class, after
carefully reading the ITAR regulations, then there can be no question that
those regulations have a chilling effect on free speech.)  Is this chilling
effect unconstitutional?  It depends on whether those regulations reflect the
intent of the Senate in signing a treaty, or just the catch-all wording of
some bureaucrat issuing regulations to implement an international agreement.

   IMHO, unless the Senate debate on an international treaty specifically
discussed the limitations to freedom of speech involved in limiting the export
of crypto gear, the issue does not arise.  Everything that I have seen on ITAR
specifically recognizes the individual US citizen's right to free
non-commercial speech, and severely limits everything else, so I suspect that
this reflects congressional intent.  (I thought about doing the search after
lunch, and realized that the best approach is to ask--in a polite letter--a
few of the Senators who were there.  I'll post any responses received...)
                                       Robert I. Eachus

------------------------------

Date: Fri, 04 Jun 93 11:15:18 EDT
From: [email protected] (Peter D. Junger)
Subject: More on the risks of teaching ...

I have received a large number of personal responses to my article on the
risks of teaching about computers and the law (RISKS-14.65) as well as the
responses that appeared in RISKS-14.67.  (I am afraid that I lost some of the
personal responses, so if you haven't received a reply, please send me another
copy of your message.)  These have been most interesting and helpful and, for
the most part, supportive.

I would, however, like to correct some misapprehensions that appear in the
response by Jerry Leichter entitled "Re: Peter D. Junger's risks of
teaching..." (RISKS-14.67).

Mr Leichter writes:

   While more sophisticated in his writing, what Mr. Junger is really
   doing is simply repeating an argument we've seen many, many times on
   the net:

       1.  Anyone can write cryptographic software, so where is the
           secrecy?

       2.  The regulations as written forbid export of such things as -
           a favorite example that Mr. Junger surely did not re-invent
           independently - Captain Midnight Decoder rings.

But my trouble is that _I_ (not anyone, not anyone else, but just dear old
_moi-je_) wrote an encryption program that does not contain anything secret or
original and yet the ITAR regulations require me to get a license before I
_talk_ about this program with my students, if any of them should happen to be
foreign, without first obtaining a license from the State Department, a
license, which if it is granted, I could not expect to get before the semester
is over.  So I am not making the very sensible argument that Mr. Leichter
pooh-poohs as old hat.  (I have no recollection of having ever seen any
reference to my old--or any other--Captain Midnight Decoder (which I don't
recall was a ring--wasn't it sort of a flat disk with a knob in the center?)
during the last several decades, but if Mr. Leichter is sure I did not
"reinvent" this example, I won't argue that point with him.)

Though I think it is sort of silly to require me to get a license to export my
program, since I don't want to export it--I just want to talk about it and
publish it and post it on my FTP server, all within the United States--that is
not my problem.  Once again, what I am concerned with is the requirement that
I get a license to talk (or publish) information about my program within the
United States, a requirement that is blatantly unconstitutional.

Thus Mr. Leichter's example of requiring a license for the exportation of an
encryption _chip_ has nothing to do with my problem.  (I must admit, however,
that I cannot conceive of a case where the export of an encryption chip, that
was not developed by or on behalf of the government, could be a serious threat
to our national security.)

His other example does, however, have some bearing on my problem, if only
because it illustrates how unclear, how far from being present, how
farfetched, is the danger of allowing information about cryptography to get
into the hands of the foreigners, for this example is: "conjectural software,
500 man-years in the making after a large research investment, for breaking
cryptosystems used by the US for communicating with its embassies abroad".
(Who would spend all that time and money to accomplish such a goal, whether
those who did it (were it done) would be deterred by export regulations, and
whether a program of such complexity could ever work are exercises that are
left to the reader.)

Even though we are basically talking about different issues, however,
the desire of Mr. Leichter to regulate the export of devices does
ultimately collide with the Constitutional right of free speech that is
my concern.  As he puts the problem:

   Mr. Junger teaches law.  Perhaps he'll take up the challenge of
   suggesting regulatory wording that covers "significant"
   cryptographic "equipment" - along the way, perhaps, coming up with a
   distinction that can be made in some useful way among "equipment",
   "software", and "specifications".

The trouble with this challenge--besides the fact that I have no interest in
drafting such regulations--is that the constitution forbids the regulation of
speech and that "specifications" fall squarely within the category of speech.
What is really interesting is that "software" seems to be both "equipment",
which is unprotected, and speech, which is constitutionally protected.
(That's why I find computers and the law an interesting subject.)

The problem that I face is not how to draft unconstitutional regulations but
how to challenge them.  The fact that the regulations are not enforced makes
it difficult to get their constitutionality before the courts.  And the fact
is that the regulatory scheme is not enforced by the bureaucrats, despite Mr.
Leichter's claim that that is their job; instead, as one who responded to me
privately put it, they rely on "FUD (Fear, Uncertainty and Doubt) to dissuade
people from using and distributing effective cryptographic software."

Peter D. Junger

Case Western Reserve University Law School, Cleveland, OH
Internet:  [email protected] -- Bitnet:  JUNGER@CWRU

------------------------------

Date: Fri, 4 Jun 93 08:33:15 -0400
From: [email protected] (Steen Hansen)
Subject: WHITE HOUSE ELECTRONIC MAIL

Forwarded message:
>  For Immediate Release                             June 1, 1993
>
>            LETTER FROM THE PRESIDENT AND VICE PRESIDENT
>        IN ANNOUNCEMENT OF WHITE HOUSE ELECTRONIC MAIL ACCESS
>
>       Dear Friends:
>
>       Part of our commitment to change is to keep the White House
>  in step with today's changing technology.  As we move ahead into
>  the twenty-first century, we must have a government that can show
>  the way and lead by example.  Today, we are pleased to announce
>  that for the first time in history, the White House will be
>  connected to you via electronic mail.  Electronic mail will bring
>  the Presidency and this Administration closer and make it more
>  accessible to the people.
>
>       The White House will be connected to the Internet as well as
>  several on-line commercial vendors, thus making us more
>  accessible and more in touch with people across this country.  We
>  will not be alone in this venture.  Congress is also getting
>  involved, and an exciting announcement regarding electronic mail
>  is expected to come from the House of Representatives tomorrow.
>
>       Various government agencies also will be taking part in the
>  near future.  Americans Communicating Electronically is a project
>  developed by several government agencies to coordinate and
>  improve access to the nation's educational and information assets
>  and resources.  This will be done through interactive
>  communications such as electronic mail, and brought to people who
>  do not have ready access to a computer.
>
>       However, we must be realistic about the limitations and
>  expectations of the White House electronic mail system.  This
>  experiment is the first-ever e-mail project done on such a large
>  scale.  As we work to reinvent government and streamline our
>  processes, the e-mail project can help to put us on the leading
>  edge of progress.
>
>       Initially, your e-mail message will be read and receipt
>  immediately acknowledged.  A careful count will be taken on the
>  number received as well as the subject of each message.  However,
>  the White House is not yet capable of sending back a tailored
>  response via electronic mail.  We are hoping this will happen by
>  the end of the year.
>
>       A number of response-based programs which allow technology
>  to help us read your message more effectively, and, eventually
>  respond to you electronically in a timely fashion will be tried
>  out as well.  These programs will change periodically as we
>  experiment with the best way to handle electronic mail from the
>  public.  Since this has never been tried before, it is important
>  to allow for some flexibility in the system in these first
>  stages.  We welcome your suggestions.
>
>       This is an historic moment in the White House and we look
>  forward to your participation and enthusiasm for this milestone
>  event.  We eagerly anticipate the day when electronic mail from
>  the public is an integral and normal part of the White House
>  communications system.
>
>            President Clinton        Vice President Gore
>       [email protected]      [email protected]

------------------------------

Date: Fri, 4 Jun 1993 04:00:00 -0400 (EDT)
From: Paul Robinson <[email protected]>
Subject: Did they have an address for Hillary?

Someone wrote me to ask:

> Thank you for relaying information concerning the high-tech
> White House.   Did they have an address for Hillary?  I can't
> imagine her suffering [email protected].  Seriously,
> I need to get to her press secretary.

I wanted to see if there was anything:

% telnet
telnet> open whitehouse.gov 25
Trying 198.137.240.100 ...
Connected to whitehouse.gov.
Escape character is '^]'.
220 SMTP/smap Ready.
helo
250 Charmed, Im sure.
vrfy hillary
250 <hillary>

"250" in this case, is an "ok" indicating the mail-server receiving
the request considers the address to be valid.  So try that, then:

  [email protected]

That will probably go to one of the clerks that handles her correspondence.

Paul Robinson -- [email protected]

------------------------------

End of RISKS-FORUM Digest 14.69
************************