Subject: RISKS DIGEST 17.13
REPLY-TO: [email protected]

RISKS-LIST: Risks-Forum Digest  Thursday 18 May 1995  Volume 17 : Issue 13

  FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc.       *****

 Contents:
"Double your fun" (CA lottery woes) (Bruce Findlay)
AOL Used For Sting by Miami TV Station (David Tarabar)
Marketing use of medical DB (Mark Seecof)
Safeware: System Safety and Computers, Nancy Leveson (PGN)
Computers, Ethics, & Social Values, Johnson and Nissenbaum (PGN)
Building in Big Brother: The Cryptographic Policy Debate (Lance Hoffman)
Microsoft plans corporate espionage (Chris Norloff)
RISKS in Microsoft's Windows95 (identity withheld)
Re: "Bob" passwords (Brian T. Schellenberger)
30 February 1712 (Tapani Tarvainen)
Re: Intuit's Macintax security lapse... (Don Faatz)
Re: "Nautilus foils wiretaps" (M. Vincent)
Re: Cellular disturbances (David Woolley, Frederick Roeber)
Re: Internet Addiction (Shawn Mamros, Rob Cunningham)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Tue, 16 May 1995 07:50:47 -0700
From: Bruce Findlay <[email protected]>
Subject: "Double your fun" (CA lottery woes)

Excerpted from the local paper of record, the San Jose Mercury News
[probably on 15 May 1995, which is when a similar item appeared in
the San Francisco Chronicle.  PGN]:

 Lottery computer gets ahead of itself

 California Lottery officials scrambled Sunday to make amends for a
 computer glitch that unexpectedly halted sales three hours early for the
 weekend's $3 million jackpot.  By mistake, the computer began issuing
 tickets for Wednesday's upcoming drawing instead - causing anger and
 confusion for lottery players and retailers around the state...  Lottery
 officials decided Sunday that players affected by the mix-up will have
 their tickets honored in both contests...  Lottery spokesman said an
 employee of Sacramento's GTECH, which runs the lottery computer, was
 conducting routine maintenance when he mistakenly entered a command that
 closed the draw pool for Saturday's drawing.  ...it wasn't clear how many
 tickets were sold during the three hours but GTECH has promised to make up
 any losses to the state.

RISKS?  Where do I start?  Why was an employee able to disturb what is
supposed to be an unriggable game?  If GTECH does not know how many tickets
were sold, how will the loss be made right?  And since when does basic
operator error mean the same thing as "computer glitch?"

------------------------------

Date: Tue, 16 May 95 11:23:26 -0400
From: [email protected] (David Tarabar)
Subject: AOL Used For Sting by Miami TV Station

A Miami TV Station (WPLG) set up a sting operation on America
Online that resulted in the resignation of a VP at the Denver Post.

In an attempt to show how easily strangers can approach unsupervised
children on online services, the TV station created an AOL user that
pretended to be a 13 year old boy. A birthdate was clearly listed in a user
profile and the 'boy' spoke like a 13 year old who liked swimming and
skateboarding.

A user named 'Ken4boys' spoke with this 'boy' in private chats and said that
he would be coming to Florida soon, and asked, "How about a hot-oil massage
from an older guy". Ken4boys did meet an actor at an agreed upon place, but
within seconds found himself facing a TV camera and an investigative
reporter. When this news story made its way back to Denver, Ken resigned
his position as VP of Marketing at the Denver Post.

The anonymity of online personas seems a major risk here for all involved.
The TV station was being fraudulent in its attempt to get a juicy sweeps
week story. Still it is worrisome that they were able to find someone who
appeared to use AOL to spice up his business trips. 'Ken4boys' also learned
the danger of anonymity, but it is difficult to feel sympathy for him. I
have been skeptical about the 'PCs are a danger to your kids' stories on
local news, but this is an impressive example.

I don't think that AOL is too happy about any aspect of this.

------------------------------

Date: Thu, 11 May 1995 14:28:00 -0700
From: Mark Seecof <[email protected]>
Subject: Marketing use of medical DB

Under the headline "Eli Lilly Plans to Use PCS Unit's Database to Boost Drug
Sales" the Wall Street Journal reported on page B6, May 11, 1995 that: "Eli
Lilly & Co. sees big opportunities for expanding use of its Prozac
antidepressant and other drugs by exploring the patient database it acquired
with its $4 billion purchase of PCS Health Systems."

(Errors in the summary here may be Mark Seecof's fault).  Lilly's CEO
Randall L. Tobias said that patients, as well as Lilly, would benefit from
Lilly's trolling the PCS database of prescriptions for 56 million patients
to find (a) patients whose prescriptions suggest that they may suffer from
depression manifested as several other minor illnesses--Lilly will try to
get doctors to prescribe Prozac for those patients; (b) patients who may be
taking inadvisable combinations of drugs--Lilly will warn its pharmacists
or doctors; (c) drug-treated diabetic patients who might be persuaded to
take to Lilly's Humulin insulin product.

(The story DOESN'T say) Lilly may find other ways to exploit the
prescription billing data.  For example, Lilly could use it to monitor other
firms' pricing strategies.  Or Lilly could match the data with other
data--for example, Lilly could match prescription billing info against
credit report or insurance (MIB) data then sell derivative information to
people.  (How many landlords will rent to tenants who have prescriptions for
AZT?)

Various privacy laws may restrict some of the possible uses of the data.
But none of them will protect the people whose medical condition can be
estimated from the record of the drugs prescribed for them from unscrupulous
marketers at Lilly or even faithless clerks at Lilly willing to take bribes
from, say, skip tracers.  I think that Lilly's plan to push Prozac on people
with "backaches and sleeplessness" (direct quote from Tobias) is unethical
and risky.

Mark Seecof <[email protected]>

------------------------------

Date: Wed, 17 May 95 19:10:38 PDT
From: "Peter G. Neumann" <[email protected]>
Subject: Safeware: System Safety and Computers, Nancy Leveson

If you have ever been seriously concerned with developing systems that must
satisfy stringent safety requirements, or expect to be sometime in the
future, you MUST read this book.  Just published, it is immediately the
definitive work on software safety, and has a system perspective that is
really important.  After careful consideration of the fundamentals,
requirements analysis, hazard analysis (including models and techniques),
and human interfaces are examined with loving care.  Many cases familiar to
RISKS readers (Therac-25, Apollo 13, the Challenger, Bhopal, Three Mile
Island, Chernobyl, and others) are treated in considerable detail in the
appendices, and much new information is revealed.  The book is useful as a
course text and as a guidebook for safety engineers.  And it all fits in
680+xvii pp.  Your Risks Moderator says check it out.

 Author = {Nancy G. Leveson},
 Title = {Safeware: System Safety and Computers},
 Publisher = {Addison Wesley, Reading, Mass 01867-3999},
 Year = {1995},
 Note = {ISBN 0-201-11972-2}

------------------------------

Date: Wed, 17 May 95 18:58:16 PDT
From: "Peter G. Neumann" <[email protected]>
Subject: Computers, Ethics, & Social Values, Johnson and Nissenbaum

Deborah G. Johnson and Helen Nissenbaum have come up with a superb book,
collected from a bunch of friends and colleagues with long experience and
interesting views on the titled subject.  This book is absolutely essential
for anyone concerned with ethical issues related to the use of computers,
and should also be read by anyone not clear on the issues.  I won't list
all the chapters and contributors, but it is a fine selection.

 Author = {Deborah G. Johnson and Helen Nissenbaum},
 Title = {Computers, Ethics, & Social Values},
 Publisher = {Prentice Hall, Englewood Cliffs, NJ 07632},
 Year = {1995},
 Note = {ISBN 0-13-103110-4}

------------------------------

Date: Thu, 18 May 1995 04:48:10 -0400 (EDT)
From: "Lance J. Hoffman" <[email protected]>
Subject: Building in Big Brother: The Cryptographic Policy Debate

A collection of readings with commentary by Prof. Lance J. Hoffman (The
George Washington University) has now been published by Springer Verlag.

From a publisher's blurb:

"...This book presents the best readings on cryptographic policy and current
cryptography trends.  ... Detailed technological descriptions of promising
new software schemes are included as well as analysis of the constitutional
issues by legal scholars.  Important government cost analyses appear here
for the first time in any book.  Other highlights include the text of the
new US digital telephony law and the pending encryption regulation bill and
a list of hundreds of cryptographic products available around the world.
There is even a paper on how to commit the perfect crime electronically,
using public key encryption.

Much more detailed information and a table of contents is available
by pointing your Web browser to

http://www.seas.gwu.edu/seas/instctsp/docs/book

560 pages, 19 illustrations, softcover $29.95
ISBN 0-387-94441-9

Call 1-800-SPRINGER to order, email orders to [email protected]

Professor Lance J. Hoffman, Dept of Elec Eng and Comp Sci, The Geo
Washington U, 801 22nd St NW, Wash DC 20052   (202) 994-4955

------------------------------

Date: Wed, 17 May 95 13:44:40 EDT
From: [email protected]
Subject: Microsoft plans corporate espionage

 Microsoft officials confirm that beta versions of Windows 95 include a
 small viral routine called Registration Wizard.  It interrogates every
 system on a network gathering intelligence on what software is being run
 on which machine.  It then creates a complete listing of both Microsoft's
 and competitors' products by machine, which it reports to Microsoft when
 customers sign up for Microsoft's Network Services, due for launch later
 this year.

"In Short" column, page 88, _Information Week_ magazine, May 22, 1995

The implications of this action, and the attitude of Microsoft to plan
such action, beggars the imagination.

Chris Norloff  [email protected]

  [Also reported by [email protected] (Jim) and
  [email protected] (Brian Herzog - Sun Microsystems, Inc.).
  The following analysis was also sent to RISKS by a contributor who
  requested anonymity.  PGN]

------------------------------

Date: Wed, 17 May 95 12:22 xxT
From: [identity withheld at submitter's request]
Subject: RISKS in Microsoft's Windows95

Sometime in the latter part of the summer, Microsoft is planning to release
their Windows95 follow-on for Windows 3.1 to the masses.  Whether the effort
required to keep things working after installing the release vs. the
perceived benefits of Win95 makes the installation a sensible decision is
quite an open question.  Reports from beta testers are indicating that even
for Windows experts, getting their system running again after the upgrade
can be a bad experience, given the wide variety of complex hardware,
drivers, and other components that have been integrated into Windows 3.1
environments over the years.

For Windows users who are less than experts, the problems risk being even
more serious, with various applications (or even entire systems) effectively
useless without various "tweaks", fixes, new drivers, new software, etc.  In
other words, the backwards compatibility of Win95 in the real world of
people's existing Windows 3.1 installations should be an issue of grave
concern, especially among users concerned about prolonged downtime.

We may be reaching a stage where the sheer complexity of PC application
software and hardware is making the entire concept of major operating system
upgrades being installed successfully by average users extremely
problematical.  It seems very likely that large numbers of Windows 3.1 users
will (or at least should) be extremely cautious about being an early adopter
of Win95.

By the way, here's a new feature announced for Win95 that carries new RISKS
of its own.  Called "AutoPlay" it is apparently a feature of the Win95
CD-ROM driver that allows CD-ROM authors to create a special init file on
the disc that will automatically start running programs from the disc as
soon as a disc is inserted into the CD-ROM drive.  From the descriptions
available so far, there doesn't seem to be a system-wide way to disable such
a feature, you have to remember to hold down the shift key on your keyboard
while inserting the disc to disable it for that particular insertion
(apparently folks with remote keyboards might just be out of luck!)

What sorts of harm could come from autoloading of CD-ROMs?  Outside of the
obvious malicious applications (don't laugh, CD-ROMs are getting so cheap to
produce that all manner of nasties could be planted on purpose or by
accident), there's the obvious problem that most PC CD-ROM applications need
considerable software and disk support, often involving significant use of
disk space, changes to system-wide configuration and other driver data, etc.
It is not unusual for these changes to conflict in some manner with other
programs and installations, needing manual intervention.  At least when you
do the installation manually you can stop, look for README files, etc.
before starting the guts of the install, but if the CD-ROM fires off on its
own there's no telling what might happen.

True, a reasonable CD-ROM author would query the user about this process
rather than running off and starting the install without user input, but
it's probable that many authors who want things to look "slick" won't bother
with this.  In fact, Microsoft seems to be encouraging the "slick" attitude
in their description of this feature.

Another point.  You're about to start seeing music CDs that carry CD-ROM
programs and data on the initial part of the disc before music track 1.  If
such discs tried to make use of the Win95 AutoPlay feature, an unsuspecting
user who stuck the music disc into his or her CD-ROM player planning to hear
only music (lots of PC users play music CDs on their CD-ROM drives these
days) could end up getting a lot more than bargained for.
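
[Added example, not part of the original submission and not Microsoft's code:
a defender-side audit of what a disc asks the system to launch on insertion.
The message above does not name the "special init file"; the Windows
convention of a root-level autorun.inf with an [autorun] section is used
here, and the sample volume is constructed.]

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name something to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(command):
    """First token of a command line: the program or document to be opened."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def resolve_on_volume(root, target):
    """Resolve a disc-relative Windows path case-insensitively, or None."""
    current = root
    for part in re.split(r"[\\/]+", target):
        if part in ("", "."):
            continue
        if part == ".." or not os.path.isdir(current):
            return None
        match = [n for n in os.listdir(current) if n.lower() == part.lower()]
        if not match:
            return None
        current = os.path.join(current, match[0])
    return current if os.path.isfile(current) else None


def audit_volume(root):
    """List what the disc asks the system to launch on insertion."""
    inf = resolve_on_volume(root, "autorun.inf")
    if inf is None:
        return []
    with open(inf, "rb") as handle:
        entries = parse_autorun(handle.read().decode("latin-1"))
    findings = []
    for key in sorted(entries):
        if LAUNCH_KEY.match(key):
            target = command_target(entries[key])
            findings.append({
                "key": key,
                "command": entries[key],
                "target_on_disc": resolve_on_volume(root, target) is not None,
            })
    return findings


def build_sample_volume():
    """Constructed sample: a temp directory standing in for a mounted CD-ROM."""
    root = tempfile.mkdtemp(prefix="cdrom-")
    with open(os.path.join(root, "AUTORUN.INF"), "w") as handle:
        handle.write("; constructed sample\n[AutoRun]\n"
                     "open=SETUP.EXE /silent\nicon=disc.ico\n"
                     "shell\\install\\command=tools\\inst.exe\n")
    with open(os.path.join(root, "setup.exe"), "wb") as handle:
        handle.write(b"MZ")  # placeholder bytes, not a real program
    return root


if __name__ == "__main__":
    for finding in audit_volume(build_sample_volume()):
        print(finding)
```

Running the audit on a mounted disc before letting the system act on it gives
back the step the message says AutoPlay removes: a chance to see what would
start, and whether the named program is actually on the disc.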

------------------------------

Date: Tue, 16 May 1995 13:36:02 GMT
From: [email protected] (Brian T. Schellenberger)
Subject: Re: "Bob" passwords (Epstein, RISKS-17.12)

|if you mistype your password three times in a row, it concludes that you've
|forgotten it, and asks if you want to change it.

It's easy to make fun of this scheme, but *I* think it's a pretty good
approach.  This is the equivalent of the foil on your vitamins: Not tamperproof
protection, but tamper-*evident* protection.

This avoids the problems of users who aren't accustomed to passwords
forgetting them and getting locked out, saving Microsoft technical support a
lot of hassle.  It is intended for home computers, which as a rule are not
widely accessible to the public, and don't have any password protection
currently.  And it's part of a program whose "job" is not security, but user
assistance; it would be inappropriate to add security in such a program that
might lock people out of their computer.

On the other hand, a scheme that makes it evident if somebody has been
mucking around on the computer is a handy feature, and that's just what has
been achieved here.  (Whether or not the product manager and/or development
team realizes it.)

I think there is a RISK in assuming that all security must be maximal.

(Not to downplay the RISK in not advertising this for what it is, if
that's what Microsoft is doing.)

Brian T. Schellenberger   SAS Institute Inc. R2266   919-677-8000 x7783

  [It also provides a seeming denial of service opportunity,
  enabling an attacker to change EVERYONE's password.  But then
  even that would not matter.  This is almost as good as having NO
  passwords.  Chances are no one would ever bother to look at the
  audit trail anyway, because in the absence of meaningful
  authentication, the accountability is next to worthless.  PGN]

------------------------------

Date: 14 May 1995 17:42:30 GMT
From: [email protected] (Tapani Tarvainen)
Subject: 30 February 1712 (Re: Wicklund, RISKS-17.12)

>There's an additional risk from the fact that different nations
>switched calendars at different times.

Indeed.  Sweden adopted the leap-year rule of the Gregorian calendar in
1700, making it a non-leap year, but without adjusting the calendar
otherwise, so that after that Sweden was out of sync with both Julian and
Gregorian calendars.  After a while they discovered it was not such a great
idea, and in 1712 Sweden moved back to Julian calendar by adding an extra
day to February, resulting in the unusual date of 30 February 1712.  One
should be careful in rejecting "impossible" dates...

Tapani Tarvainen

------------------------------

Date: 10 May 1995 01:11:42 GMT
From: [email protected] (Don Faatz)
Subject: Re: Intuit's Macintax security lapse...

Unfortunately, it doesn't take a software screw-up to mess up electronic
income taxes.

My boss has had a Compuserve account for a few years.  Each year at tax
time, he receives several people's tax returns in his Compuserve e-mail. His
Compuserve E-mail address is one character different than the address of
some company that offers an electronic filing service via Compuserve.

He has contacted both Compuserve and the vendor - neither were
interested in trying to solve the problem.

The returns are encrypted in some way ...

------------------------------

Date: Tue, 16 May 1995 11:01:57 +0100 (BST)
From: "(aardvark)" <[email protected]>
Subject: Re: "Nautilus foils wiretaps" (Garfinkel, RISKS-17.12)

Simson points out that the software is only available to the US. Now I may
not be the cleverest person in Europe, but I do have an account on a FreeNet
site in the US which for the moment will remain nameless. Now really, what
is to prevent me downloading nautilus to my free-net and from thence to
home.

Note that I am NOT indicating that I am about to do this, but it's a valid
RISK - isn't it!

Malcolm Vincent ([email protected])

------------------------------

Date: Wed, 17 May 95 23:53 BST
From: [email protected] (David Woolley)
Subject: Re: Cellular disturbances (Lif, RISKS-17.12)

>The new (European) digital "GSM" cellular standard produces lots of
>interference as can be heard on any radio or even HiFi amplifier

The risks here are of confusing the behaviour of faulty equipment of one
type with there being a fault in another piece of equipment, and of
generalising that to the behaviour of faulty equipment of a third type.
Also there is a risk of only seeing one side of a two sided problem.

The fault resulting in the "interference" here is in the amplifier,
which is acting as a radio receiver, or the radio receiver which is
receiving on a completely wrong frequency. (The chances are that the
radio isn't even receiving the interfering signal through its aerial.)
The transmitter can be transmitting a signal which is perfectly
contained within its allocated band, and still generate this effect.

A lot of modern electronics could be made radio immune, but isn't, to
save a small fraction on the price.  The complex digital logic in a
GSM mobile is immune to its signals from only a few inches away.

The generalisation is the assumption that audio frequency interference
in an AC coupled device will have the same impact on a DC coupled device
working at 1000s of times the frequency.  In fact, a radio signal which
produced no audible effect at all, might still cause misoperation of
a computer.

The other side of the coin is that computers which are susceptible to
radio transmissions, are usually very good radio transmitters themselves.
Even PCs, which are designed for domestic use, can cause severe interference
to shortwave receivers, which cannot be cured by modifications to the
receiver (remote aerials apart).  The Sun in this case, probably wasn't
designed to the same standard, so would generate even more interference.

It is possible that GSM transmissions are more likely to jam susceptible
electronics, but this is not directly related to the audible effect on
faulty amplifiers, but might be the result of using higher peak powers,
although both may be the consequence of using time division multiplexing.

David Woolley, London, England          [email protected]

------------------------------

Date: Mon, 15 May 1995 21:53:09 +0200
From: [email protected]
Subject: Re: Cellular disturbances (Lif, RISKS-17.12)

Oh, wonderful!  At CERN we're replacing our beeper system with GSM
phones.  This has some nice side effects, especially when you drive
in merely to discover a machine needs rebooting.

But of course, most of the folks with beepers or phones are going
to be the ones on piquet duty -- the ones who have to go in and fix
the balky computers, networks, delicate equipment, or (best of all)
those enormous, incredibly sensitive, bleeding-edge particle detectors.

And of course there's always some idiot who calls you up half an hour
into a tricky procedure to ask, "How's it going?"

"Well, it *was* going great, but now that you ask..."

Frederick Roeber  [email protected]

------------------------------

Date: Sun, 14 May 95 20:50:45 EDT
From: [email protected]  (Shawn Mamros)
Subject: Re: Internet Addiction (Goldberg, RISKS-17.12)

If one admits to the existence of "Internet addiction" as a real problem
(and it very well might be for some people), it would seem to me that putting
together a support group using an *Internet mailing list* (thus encouraging
continued use of the 'net, as opposed to therapy involving spending time
*away* from the 'net) would be precisely the *wrong* way to help these
people out...

-Shawn Mamros              [email protected]

------------------------------

Date: Mon, 15 May 95 09:28:10 EDT
From: [email protected]
Subject: Re: Internet Addiction (Goldberg, RISKS-17.12)

In the most recent RISKS-17.12, Dr. Ivan Goldberg helpfully announced a
support group for Internet Addiction.  Am I the only one who finds it ironic
that one needs access to the Internet to participate in this support group?
It seems that even if this group is successful in reducing other Internet
use, the user will continue to use the Internet via e-mail to this account.

Is this similar to announcing a support group that gets together to drink
beers and discuss their addiction to alcohol?

-Rob

   [[email protected] (Randal L. Schwartz) and
   "F. Barry Mulligan" <[email protected]> both likened it to
   holding an AA meeting in a bar.  PGN]

------------------------------

Date: 24 March 1995 (LAST-MODIFIED)
From: [email protected]
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest.  Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you.  BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS.  U.S.
users on .mil or .gov domains should contact <[email protected]>
(Dennis Rears <[email protected]>).  UK subscribers please contact
<[email protected]>.  Local redistribution services are
provided at many other sites as well.  Check FIRST with your local system or
netnews wizards.  If that does not work, THEN please send requests to
<[email protected]> (which is not yet automated).  SUBJECT: SUBSCRIBE
or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to which RISKS is sent]

CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored.  Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious.  Diversity is
welcome, but not personal attacks.  PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them.  Contributions will not be ACKed; the load is
too great.  **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks.  Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
All other reuses of RISKS material should respect stated copyright notices,
and should cite the sources explicitly; as a courtesy, publications using
RISKS material should obtain permission from the contributors.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks
  Individual issues can be accessed using a URL of the form
  http://catless.ncl.ac.uk/Risks/VL.IS.html
  (Please report any format errors to [email protected])

RISKS ARCHIVES: "ftp unix.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP.
Issue J of volume 17 is in that directory: "get risks-17.J<CR>".  For issues
of earlier volumes, "get I/risks-I.J<CR>" (where I=1 to 16, J always TWO
digits) for Vol I Issue j.  Vol I summaries in J=00, in both main directory
and I subdirectory; "bye<CR>"  I and J are dummy variables here.  REMEMBER,
Unix is case sensitive; file names are lower-case only.  <CR>=CarriageReturn;
UNIX.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username and
password.  Also ftp [email protected].  WAIS repository exists at
server.wais.com [192.216.46.98], with DB=RISK (E-mail [email protected] for info)
  or visit the web wais URL http://www.wais.com/ .
Management Analytics Searcher Services (1st item) under http://all.net:8080/
also contains RISKS search services, courtesy of Fred Cohen.  Use wisely.

------------------------------

End of RISKS-FORUM Digest 17.13
************************