27-Mar-86 00:22:27-PST,5928;000000000000
Mail-From: NEUMANN created at 27-Mar-86 00:20:50
Date: Thu 27 Mar 86 00:20:50-PST
From: RISKS FORUM    (Peter G. Neumann, Coordinator) <[email protected]>
Subject: RISKS-2.34
Sender: [email protected]
To: [email protected]

RISKS-LIST: RISKS-FORUM Digest,  Thursday, 27 Mar 1986  Volume 2 : Issue 34

          FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
 RSO's and IIP's - Martin Moore's response (Henry Spencer)
 Range Safety: a final word (Martin Moore)
 Someone really sophisticated, with a Ph.D... (Nigel Roberts, Keith F. Lynch)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome.
(Contributions to [email protected], Requests to [email protected].)
(Back issues Vol i Issue j stored in SRI-CSL:<RISKS>RISKS-i.j.  Vol 1: MAXj=45)

----------------------------------------------------------------------

Date: Wed, 26 Mar 86 20:45:04 EST
From: [email protected]
To: [email protected]
Subject: Re: RSO's and IIP's - Martin Moore's response

> Now, to answer your question, missiles launched at the Cape NEVER fly over
> land intentionally except at the very first seconds (unavoidable) or during a
> shuttle landing...  This is why the launch facility at Vandenberg was built;
> shuttles cannot be launched into polar orbits from the Cape because there is
> land both due north and due south...

As an example of how bureaucratic priorities can sometimes override known
safety considerations, it is worth noting that the Office of Mismanagement
and Bean-counting did suggest saving the cost of the Vandenberg shuttle
facility by launching north from KSC.  This idea was a non-starter for about
five different reasons, range safety not least.  It's amazing that it was
ever suggested, but it was -- quite seriously.

                               Henry Spencer @ U of Toronto Zoology
                               {allegra,ihnp4,linus,decvax}!utzoo!henry

------------------------------

Received: from eglin-vax.ARPA [...] Mon 24 Mar 86 07:10:36-PST
Date: 0  0 00:00:00 CDT
From: "MARTIN J. MOORE" <mooremj@eglin-vax>
Subject: Range Safety: a final word
To: "risks" <risks@sri-csl>

Apparently I confused a few people judging by the mail I've gotten...what I
said about missiles launched at the Cape not flying over land applies ONLY TO
MISSILES IN THE LAUNCH PHASE.  Obviously, satellites in orbit pass over a
large part of the Earth's surface.  And as another contributor pointed out,
some test ranges routinely fly missiles over land; I was talking only about
the Cape, which does not.

I think this discussion is reaching the point of diminishing returns from the
RISKS viewpoint.  I will continue to answer detailed questions by personal
mail, but let's move them out of RISKS.

                                       /mjm                [PGN concurs.]

------------------------------

Date: Monday, 24 Mar 1986 05:26:49-PST
From: roberts%[email protected]
To: [email protected], roberts%[email protected]
Subject: Someone really sophisticated, with a Ph.D...

 ----------reply to mail dated 24-MAR-1986 06:19 [RISKS-2.33]-----------

 >     ''It is possible to break into a system if all physical and software
 > security measures are ignored,'' Armstrong said.
 >     ''But it would take someone really sophisticated, with a Ph.D. in math
 > or computer science.''

Since when does a Ph.D in math, or even one in Computer Science, teach you
how to be a hacker (either kind)?

Most of the "Computer Burglars" I have come across were entirely self-taught.

Nigel.
      [I presume that is why Geoff titled it the way he did.  It is guys
       such as Armstrong who are headstrong -- except that their heads are
       in the sand.  They really believe it takes sophistication.  Readers
       of RISKS supposedly know better, although I have tried to be fairly
       gentle in exposing gross security flaws in existing systems.  PGN]

------------------------------

Date: Mon, 24 Mar 86 22:06:43 EST
From: "Keith F. Lynch" <[email protected]>
Subject: Someone really sophisticated, with a Ph.D...
To: [email protected]
cc: [email protected]

 There was a story on the front page of the Washington Post on February
20th headlined "Maryland Computer Whiz Kid Faces Seven Theft Charges" and
subsubtitled "Credit Card Numbers Shared Electronically".  It described a 15
year old who got credit card numbers off a pirate CBBS and ordered computer
equipment over the phone to be sent to a vacant house.  Other than this, the
"whiz kid" did nothing at all remotely exceptional.
 It looks to me like the wave of computer hysteria still hasn't passed.
One of our Senators here in Virginia is introducing a bill to allow
unlimited government snooping into personal computer files on the grounds
that there might be data on child molestation (!) on the floppies.  Seems to
be an equally good case could be made on those grounds for warrantless
searches of personal papers, and any other violations of the Bill of Rights
I can think of.
 Computer security is the responsibility of system managers.  There is a
growing trend toward making microcomputers, often with no security systems
at all, available over phone lines.  Unknown phone numbers are NOT good
security.  Lots of kids dial numbers randomly searching for modem carriers.
 And there can be NO excuse for not having important data backed up.
To make frequent backups should be the first thing anyone learns about
computers.  And being able to easily and frequently save state is one
of the most important things any program should do.
                                                               ...Keith

------------------------------

End of RISKS-FORUM Digest
************************
-------