precedence: bulk
Subject: Risks Digest 19.87
RISKS-LIST: Risks-Forum Digest Friday 17 July 1998 Volume 19 : Issue 87
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at
http://catless.ncl.ac.uk/Risks/19.87.html
Contents:
``Better DES challenge'' solved by John Gilmore and ``Deep Crack'' (Matt Blaze)
"EFF DES Cracker" machine brings honesty to crypto debate (John Gilmore)
Privacy vs. police convenience (George Dinwiddie)
First results of SOHO investigation (Jan Vorbrueggen)
AOL compounds security hole (David Cassel)
Teen-age hacker break-in article was a hoax (Martin Minow)
Gullibility Virus BEWARE! (Marc Salverson)
Re: Navy software problems (Harlan Rosenthal)
Re: Still more on TWA flight 800 (Greg Vistica)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Fri, 17 Jul 1998 03:31:45 -0400
From: Matt Blaze <
[email protected]>
Subject: ``Better DES challenge'' solved by John Gilmore and ``Deep Crack''
On June 23 1997, I offered a prize of 56 bits ($7.00) for finding a DES key
with a certain interesting property. In particular, I wanted a DES key such
that some ciphertext block of the form <XXXXXXXX> decrypts to a plaintext
block of the form <YYYYYYYY>, where X and Y represent any fixed eight-bit
byte value repeated across each of the eight bytes of the 64 bit DES
codebook block.
Finding a key of this form would require either computational effort
approximately equal to searching the DES keyspace or discovering a new
cryptanalytic technique against DES. Knowing such a key would therefore
demonstrate that it is feasible to mount an exhaustive search against the
DES keyspace or that there is some weakness in DES that allows keys to be
found analytically. This challenge, then, has the desirable property that a
result ``speaks for itself'' in demonstrating the weakness of DES, without
the need for an ``honest broker'' who must safeguard the solution. The
solution keys could not be known to any people who haven't themselves
searched the keyspace or found some other weakness. It would be just as
much of an accomplishment for me to claim the prize as it would be for
anyone else.
I am pleased to announce that the prize has been claimed. On July 2, 1998,
John Gilmore, of the Electronic Frontier Foundation, informed me that:
With a (parity-padded) key of 0E 32 92 32 EA 6D 0D 73, the plaintext
of 8787878787878787 becomes the ciphertext 0000000000000000
According to John, this solution was found after several days of work with
the EFF ``Deep Crack'' hardware, a specialized parallel processor optimized
for DES key search. Information on Deep Crack can be found at
<
http://www.eff.org/descracker>. I am especially gratified that this DES
challenge problem was chosen as the first application of the Deep Crack
hardware, and that the challenge has revealed data that might, perhaps,
yield some additional analytic clues about the structure of the DES
algorithm.
A number of individuals and organizations generously pledged additional bits
to supplement my original (quite modest) 56 bit prize, for a total over
10000 bits ($1250.00). I will be contacting these individuals privately to
inform them that their pledges have come due.
Note that although the prize has been claimed and the contest is now
officially closed, there may be other solution keys (in fact, we'd expect to
find about 255 more, if DES emulates a random permutation). I encourage the
community to continue looking for solution keys. Indeed, it would be
interesting to know how many such keys actually do exist in DES.
Congratulations John!
-matt
------------------------------
Date: Fri, 17 Jul 1998 03:23:32 -0700 (PDT)
From: John Gilmore <
[email protected]>
Subject: "EFF DES Cracker" machine brings honesty to crypto debate
CONTACTS:
Alexander Fowler, +1 202 462 5826,
[email protected]
Barry Steinhardt, +1 415 436 9333 ext. 102,
[email protected]
John Gilmore, +1 415 221 6524,
[email protected]
"EFF DES CRACKER" MACHINE BRINGS HONESTY TO CRYPTO DEBATE
ELECTRONIC FRONTIER FOUNDATION PROVES THAT DES IS NOT SECURE
SAN FRANCISCO, CA -- The Electronic Frontier Foundation (EFF) today raised
the level of honesty in crypto politics by revealing that the Data
Encryption Standard (DES) is insecure. The U.S. government has long pressed
industry to limit encryption to DES (and even weaker forms), without
revealing how easy it is to crack. Continued adherence to this policy would
put critical infrastructures at risk; society should choose a different
course.
To prove the insecurity of DES, EFF built the first unclassified hardware
for cracking messages encoded with it. On Wednesday of this week the EFF
DES Cracker, which was built for less than $250,000, easily won RSA
Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took
the machine less than 3 days to complete the challenge, shattering the
previous record of 39 days set by a massive network of tens of thousands of
computers. The research results are fully documented in a book published
this week by EFF and O'Reilly and Associates, entitled "Cracking DES:
Secrets of Encryption Research, Wiretap Politics, and Chip Design."
"Producing a workable policy for encryption has proven a very hard political
challenge. We believe that it will only be possible to craft good policies
if all the players are honest with one another and the public," said John
Gilmore, EFF co-founder and project leader. "When the government won't
reveal relevant facts, the private sector must independently conduct the
research and publish the results so that we can all see the social
trade-offs involved in policy choices."
The nonprofit foundation designed and built the EFF DES Cracker to
counter the claim made by U.S. government officials that governments
cannot decrypt information when protected by DES, or that it would
take multimillion-dollar networks of computers months to decrypt one
message. "The government has used that claim to justify policies of
weak encryption and 'key recovery,' which erode privacy and security
in the digital age," said EFF Executive Director Barry Steinhardt. It
is now time for an honest and fully informed debate, which we believe
will lead to a reversal of these policies."
"EFF has proved what has been argued by scientists for twenty years, that
DES can be cracked quickly and inexpensively," said Gilmore. "Now that the
public knows, it will not be fooled into buying products that promise real
privacy but only deliver DES. This will prevent manufacturers from buckling
under government pressure to 'dumb down' their products, since such products
will no longer sell." Steinhardt added, "If a small nonprofit can crack
DES, your competitors can too. Five years from now some teenager may well
build a DES Cracker as her high school science fair project."
The Data Encryption Standard, adopted as a federal standard in 1977 to
protect unclassified communications and data, was designed by IBM and
modified by the National Security Agency. It uses 56-bit keys, meaning a
user must employ precisely the right combination of 56 1s and 0s to decode
information correctly. DES accounted for more than $125 million annually in
software and hardware sales, according to a 1993 article in "Federal
Computer Week." Trusted Information Systems reported last December that DES
can be found in 281 foreign and 466 domestic encryption products, which
accounts for between a third and half of the market.
A DES cracker is a machine that can read information encrypted with DES by
finding the key that was used to encrypt that data. DES crackers have been
researched by scientists and speculated about in the popular literature on
cryptography since the 1970s. The design of the EFF DES Cracker consists of
an ordinary personal computer connected to a large array of custom chips.
It took EFF less than one year to build and cost less than $250,000.
This week marks the first public test of the EFF DES Cracker, which won the
latest DES-cracking speed competition sponsored by RSA Laboratories
(
http://www.rsa.com/rsalabs/). Two previous RSA challenges proved that
massive collections of computers coordinated over the Internet could
successfully crack DES. Beginning Monday morning, the EFF DES Cracker began
searching for the correct answer to this latest challenge, the RSA DES
Challenge II-2. In less than 3 days of searching, the EFF DES Cracker found
the correct key. "We searched more than 88 billion keys every second, for
56 hours, before we found the right 56-bit key to decrypt the answer to the
RSA challenge, which was 'It's time for those 128-, 192-, and 256-bit
keys,'" said Gilmore.
Many of the world's top cryptographers agree that the EFF DES Cracker
represents a fundamental breakthrough in how we evaluate computer security
and the public policies that control its use. "With the advent of the EFF
DES Cracker machine, the game changes forever," said Whitfield Diffie,
Distinguished Engineer at Sun Microsystems and famed co-inventor of public
key cryptography. "Vast Internet collaborations cannot be concealed and so
they cannot be used to attack real, secret messages. The EFF DES Cracker
shows that it is easy to build search engines that can."
"The news is not that a DES cracker can be built; we've known that for
years," said Bruce Schneier, the President of Counterpane Systems. "The
news is that it can be built cheaply using off-the-shelf technology and
minimal engineering, even though the department of Justice and the FBI have
been denying that this was possible." Matt Blaze, a cryptographer at AT&T
Labs, agreed: "Today's announcement is significant because it unambiguously
demonstrates that DES is vulnerable, even to attackers with relatively
modest resources. The existence of the EFF DES Cracker proves that the
threat of "brute force" DES key search is a reality. Although the
cryptographic community has understood for years that DES keys are much too
small, DES-based systems are still being designed and used today. Today's
announcement should dissuade anyone from using DES."
EFF and O'Reilly and Associates have published a book about the EFF DES
Cracker, "Cracking DES: Secrets of Encryption Research, Wiretap Politics,
and Chip Design." The book contains the complete design details for the EFF
DES Cracker chips, boards, and software. This provides other researchers
with the necessary data to fully reproduce, validate, and/or improve on
EFF's research, an important step in the scientific method. The book is
only available on paper because U.S. export controls on encryption
potentially make it a crime to publish such information on the Internet.
EFF has prepared a background document on the EFF DES Cracker, which
includes the foreword by Whitfield Diffie to "Cracking DES." See
http://www.eff.org/descracker/. The book can be ordered for worldwide
delivery from O'Reilly & Associates at
http://www.ora.com/catalog/crackdes,
+1 800 998 9938, or +1 707 829 0515.
**********
The Electronic Frontier Foundation is one of the leading civil liberties
organizations devoted to ensuring that the Internet remains the world's
first truly global vehicle for free speech, and that the privacy and
security of all on-line communication is preserved. Founded in 1990 as a
nonprofit, public interest organization, EFF is based in San Francisco,
California. EFF maintains an extensive archive of information on encryption
policy, privacy, and free speech at
http://www.eff.org.
Alexander Fowler
Director of Public Affairs
Electronic Frontier Foundation
E-mail:
[email protected]
Tel/Fax: 202 462 5826 (East Coast)
Tel: 415 436 9333; Fax 415 436 9993 (West Coast)
You can find EFF on the Web at <
http://www.eff.org>
EFF supports the Global Internet Liberty Campaign
<
http://www.gilc.org>
------------------------------
Date: Fri, 17 Jul 98 9:44:00 EDT
From:
[email protected]
Subject: Privacy vs. police convenience
FBI seeks access to cellphone locations
According to *The New York Times*, FBI Director Louis Freeh has asked that
the precise locations of cellular phone users be provided without a court
order in "emergencies," including the suspicion of a felony, the pursuit of
a fugitive or cases where human safety is deemed to be in jeopardy. The FBI
has asked the Senate Appropriations Committee to add language to an
appropriations bill to require phone companies to provide such information.
The technology to be used allows the triangulation of any cell phone that is
turned on within the cellular network; it does not have to be in the process
of a call.
The risks are obvious. What is not obvious is when a policeman might NOT
have a suspicion that a felony is being or has been committed. Isn't such a
suspicion a natural part of conducting the business of a policeman?
http://www.nytimes.com/library/tech/98/07/biztech/articles/17tap.html
George Dinwiddie, Century Computing, Inc., 8101 Sandy Spring Road, Suite 200
Laurel, MD 20707
http://www.cen.com/ (301) 953-3330
[email protected]
------------------------------
Date: 17 Jul 1998 12:15:45 +0200
From: Jan Vorbrueggen <
[email protected]>
Subject: First results of SOHO investigation
ESA has just issued a press release with first results of why the SOHO
satellite went out of control. It's a nice example of how apparently
unconnected errors, including one of incorrect human interpretation of the
situation, can conspire and lead to failure.
In brief, a preprogrammed command sequence did not switch on a gyro (which
senses changes in the spacecraft's attitude); this gyro, one of three, is
usually off to conserve service life, but is required in specific situations
as a backup and safeguard if something goes wrong. A second sequence
erroneously did not reset the gain on another gyro, which was being used
during a maintenance operation as a fault detector (basically checking, with
increased sensitivity, that the attitude control system managed to hold SOHO
stable during that operation). After the maintenance operation, the
increased gain on the second gyro lead to the control system detecting a
fault, as it interpreted the output from the gyro as a much larger change in
attitude than it really was. During recovery from this fault, the wrong gain
setting was noted and corrected, and the first gyro - unintentionally off -
was being used to control SOHO. Now, the read-out of a gyro always has a
bias when operating, i.e., zero actual change is read as a non-zero measured
rate. This bias is a calibration constant and automatically subtracted by
the control software from the measured values, as these are integrated over
time to yield the actual attitude. Because this gyro was off, the measured
value was zero; thus, the software kept integrating a constant, namely the
negative of the bias, until it thought the satellite was off the commanded
attitude, which triggered a second fault. During recovery from this fault,
controllers thought the first, non-operational gyro was functioning,
interpreted the data they were seeing as the second, functional gyro as
being suspect, and switched it off! Shades of the crew shutting down the
wrong engine on that British 737 some years ago. At this point, SOHO was
still under control, albeit with an unintended slow spin. During the further
recovery process, however, the attitude control system tried to compensate
for what it thought was an attitude deviation (which in reality was only the
first gyro's time-integrated bias), and the resulting spin soon exceeded the
controller's ability to handle it, sending the satellite out of control.
What I find astonishing is that the whole incident results from a single bit
of misinformation, namely the operational status of the first gyro. Had the
ground crew noted the fact that it wasn't in operation, the incident could
have been avoided in spite of the previous operational errors. The press
release does not indicate whether the ground crew did not have or did not
consider this information, or whether, in the former case, it could or
should have tried to obtain it before making any decision. Also, it seems
likely that a more considered response to the second fault would have been
to bring the third gyro up as a backup before turning off the second one and
proceeding with recovery.
Jan Vorbrueggen, Institut f. Neuroinformatik, Ruhr-Universitaet Bochum
[email protected]
[Ben Hines <
[email protected]> also commented on the report,
"SOHO Mission Interruption Preliminary Status and Background Report",
which he noted can be found at
http://umbra.nascom.nasa.gov/soho/prelim_and_background_rept.html]
------------------------------
Date: Fri, 17 Jul 1998 09:37:38 -0700 (PDT)
From: David Cassel <
[email protected]>
Subject: AOL compounds security hole
Remember the flap when AOL leaked the real-life name behind the screen
name of a navy sailor? 1363 real-life names were stolen last month when
an attacker made off with a "duty roster" for AOL's remote staff.
http://www.news.com/News/Item/0,4,23726,00.html
The information ultimately found its way to reporters. Several of the
staffers said they received taunting e-mail, including their name and
screen name, which claimed the information had not only been kept on-line,
but had been unnecessarily cc'd via e-mail to five different managers --
and that messages had lingered in one manager's inbox for over a month
(instead of being read and deleted promptly.)
C|Net interviewed the attacker, who says AOL has a "bad" customer service
employee who granted access to the necessary manager's account. An AOL
source told me that's their suspicion as well.
http://www.news.com/Rumormill/Archives/1998/rum7_9_98.html
http://www.aolsucks.org/list/0097.html
AOL recently restricted the ability to re-set passwords to fewer people --
but the breach occurred just a few days before those changes went into
effect. The attacker's warning is probably good advice. A breach can be
made worse if sensitive e-mail isn't read and deleted quickly -- and if
sensitive information is being distributed on-line to several accounts.
David Cassel, Editor, AOL Watch -
http://www.aolwatch.org
------------------------------
Date: Wed, 15 Jul 1998 20:38:17 -0700
From: Martin Minow <
[email protected]>
Subject: Teen-age hacker break-in article was a hoax
Remember that story in *The New Republic* about the 15-year-old kid who
broke into a corporate database and posted employee salaries and pictures of
naked women on its web site? According to an editor's note in Paul
Krassner's newsletter, The Realist, "it turned out to have been a total
invention of associate editor Stephen Glass, who was fired as a result."
Disclaimer: as a matter of editorial policy, The Realist does not
distinguish between its fictional and factual articles. In this way,
Krassner may have anticipated the Internet by 30 years.
Martin Minow,
[email protected]
[People who thrive on Glass browses shouldn't know groans? PGN]
------------------------------
Date: Fri, 17 Jul 1998 12:52:17 -0500
From: "Salverson, Marc" <
[email protected]>
Subject: Gullibility Virus BEWARE!
This is what I send out when someone warns me about opening any e-mail with
GOOD TIMES in the subject line.
- Marc
*************************************************************
WARNING, CAUTION, DANGER, AND BEWARE!
Gullibility Virus Spreading over the Internet!
*************************************************************
WASHINGTON, D.C.--The Institute for the Investigation of Irregular Internet
Phenomena announced today that many Internet users are becoming infected by
a new virus that causes them to believe without question every groundless
story, legend, and dire warning that shows up in their inbox or on their
browser. The Gullibility Virus, as it is called, apparently makes people
believe and forward copies of silly hoaxes relating to cookie recipes, email
viruses, taxes on modems, and get-rich-quick schemes.
"These are not just readers of tabloids or people who buy lottery tickets
based on fortune cookie numbers," a spokesman said. "Most are otherwise
normal people, who would laugh at the same stories if told to them by a
stranger on a street corner." However, once these same people become
infected with the Gullibility Virus, they believe anything they read on the
Internet.
"My immunity to tall tales and bizarre claims is all gone," reported one
weeping victim. "I believe every warning message and sick child story my
friends forward to me, even though most of the messages are anonymous."
Another victim, now in remission, added, "When I first heard about Good
Times, I just accepted it without question. After all, there were dozens of
other recipients on the mail header, so I thought the virus must be true."
It was a long time, the victim said, before she could stand up at a Hoaxees
Anonymous meeting and state, "My name is Jane, and I've been hoaxed." Now,
however, she is spreading the word. "Challenge and check whatever you read,"
she says.
Internet users are urged to examine themselves for symptoms of the virus,
which include the following:
The willingness to believe improbable stories without thinking. The
urge to forward multiple copies of such stories to others. A lack of
desire to take three minutes to check to see if a story is true.
T. C. is an example of someone recently infected. He told one reporter,
"I read on the Net that the major ingredient in almost all shampoos
makes your hair fall out, so I've stopped using shampoo." When told
about the Gullibility Virus, T. C. said he would stop reading email, so that
he would not become infected.
Anyone with symptoms like these is urged to seek help immediately.
Experts recommend that at the first feelings of gullibility, Internet
users rush to their favorite search engine and look up the item tempting
them to thoughtless credence. Most hoaxes, legends, and tall tales have
been widely discussed and exposed by the Internet community.
Courses in critical thinking are also widely available, and there is
online help from many sources, including
Department of Energy Computer Incident Advisory Capability at
http://ciac.llnl.gov/ciac/CIACHoaxes.html
Symantec Anti Virus Research Center at
http://www.symantec.com/avcenter/index.html
McAfee Associates Virus Hoax List at
http://www.mcafee.com/support/hoax.html
Dr. Solomons Hoax Page at
http://www.drsolomons.com/vircen/hoax.html
The Urban Legends Web Site at
http://www.urbanlegends.com
Urban Legends Reference Pages at
http://www.snopes.com
Datafellows Hoax Warnings at
http://www.Europe.Datafellows.com/news/hoax.htm
Those people who are still symptom free can help inoculate themselves
against the Gullibility Virus by reading some good material on evaluating
sources, such as
Evaluating Internet Research Sources at
http://www.sccu.edu/faculty/R_Harris/evalu8it.htm
Evaluation of Information Sources at
http://www.vuw.ac.nz/~agsmith/evaln/evaln.htm
Bibliography on Evaluating Internet Resources at
http://refserver.lib.vt.edu/libinst/critTHINK.HTM
Lastly, as a public service, Internet users can help stamp out the
Gullibility Virus by sending copies of this message to anyone who forwards
them a hoax.
------------------------------
Date: Fri, 17 Jul 1998 09:21:39
From: Harlan Rosenthal <
[email protected]>
Subject: Re: Navy software problems (RISKS-19.86)
> The Aegis Baseline 6 ... Engineers are having trouble getting
> the new systems to work with each other and with the ships' legacy software.
How about we draft the people who have made it possible to play Wing
Commander, and Descent:Freespace, and Jane's F15, and Quake, and Diablo,
cooperatively/competitively across the net? I always have this same
reaction when issues of air traffic control come up, too; a Pentium or G3
dedicated to each plane in the air, and a 100baseT network, should be able
to handle both the calculations and dataflow . . . combat would admittedly
be harder.
-harlan
------------------------------
Date: Fri, 17 Jul 1998 12:45:59 -0400
From: "Vistica, Greg" <
[email protected]>
Subject: Re: Still more on TWA flight 800 (RISKS-19.85)
This has not previously been reported to my knowledge, and occurred before
the Scarry study:
Last year, a reputable Pentagon investigator I know informed the FBI that
the TWA 747 had been struck by high radiation and wondered if this could
have set off a spark igniting the blast. The FBI said thanks and never
called him back. Greg Vistica.
------------------------------
Date: 31 Mar 1998 (LAST-MODIFIED)
From:
[email protected]
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <
[email protected]> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
.MIL users should contact <
[email protected]> (Dennis Rears).
.UK users should contact <
[email protected]>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to
[email protected] with meaningful SUBJECT: line.
=> ARCHIVES are available:
ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 18" for volume 18]
or
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
The ftp.sri.com site risks directory also contains the most recent
PostScript copy of PGN's comprehensive historical summary of one liners:
get illustrative.PS
------------------------------
End of RISKS-FORUM Digest 19.87
************************
