RISKS-LIST: RISKS-FORUM Digest Tuesday, 22 December 1987 Volume 5 : Issue 81
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
The Christmas Card Caper, (hopefully) concluded (Joe Morris)
The Virus of Christmas Past (Una Smith)
Viruses and "anti-bodies" (Brewster Kahle)
Cleaning Your PC Can Be Hazardous to Your Health (Brian M. Clapper)
Product liability (Mark A. Fulk)
Squirrels, mice, bugs, and Grace Hopper's moth (Peter Mabey)
Fire at O'Hare (Computerworld, Dec 14 issue) (Haynes)
American Express computer problem (Frank Wales)
NYT article on computers in stock crash (Hal Perkins)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
Contributions to
[email protected], Requests to
[email protected].
For Vol i issue j, FTP SRI.COM, CD STRIPE:<RISKS>, GET RISKS-i.j.
Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).
----------------------------------------------------------------------
Organization: The MITRE Corp., Washington, D.C.
To:
[email protected]
Subject: The Christmas Card Caper, (hopefully) concluded
Date: Mon, 21 Dec 87 11:45:03 EST
From: Joe Morris (
[email protected]) <
[email protected]>
The following item was posted on the VMSHARE bulletin board. It describes
the origin of the CHRISTMAS EXEC file, and makes valid points about the
inability of computer systems to automatically recognize some types of
ill-behaved programs quickly enough to prevent damage to a network.
(VMSHARE is a closed bulletin board operated for the use of VM installations
who are members of SHARE, the large IBM mainframe user group. Shadow copies
of the VMSHARE traffic are distributed to many other nets, including VNET
and BITNET.)
Joe Morris (jcmorris@mitre)
Append on 12/19/87 at 20:10 by Melinda Varian <BITNET: MAINT@PUCC>:
The following statement, from a member of the EARN Board, answers the
queries about the origin of the CHRISTMA EXEC. Clausthal-Zellerfeld
is quite a new VM installation. When Heinz Haunhorst, of their staff,
was notified that the first appearances of the virus on the networks
originated at his node, he pursued the matter vigorously and skillfully.
Helmut Woehlbier, of the Technical University of Braunschweig, also did
an excellent job in helping to determine the originating node.
<> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
Date: Wed, 16 Dec 87 18:33:58 GMT
Sender: EARN Technical Group <EARNTECH@EB0UB011>
From: Michael Hebgen <$02@DHDURZ1>
Comments: To: EARN Executive <EARNEXEC@IRLEARN>,
EARN Board of Directors <EARN-BOD@IRLEARN>
Comments: cc: German EARN Executive <DEARNEX@DHDURZ1>,
German EARN node administrators <DEARNADM@DEARN>,
Heinz Haunhorst <HENRY@DCZTU1>,
"Dr. Gerald Lange" <LANGE@DCZTU1>,
Otto Bernd Kirchner <KIRCHNER@DS0IBM1>
To: Melinda Varian <MAINT@PUCC>
Subject: CHRISTMAS EXEC
Dear colleagues,
after some very sophisticated detective work it is clear that the origin
of the CHRISTMAS EXEC is the EARN node DCZTU1. A student there has writ-
ten this EXEC to send christmas greetings to his colleagues and another
student has used it without knowing what he is doing (as many of our
network users) and started the explosion.
The node DCZTU1 has already blocked the Userid of the author and done
all necessary steps. Every node in the network can be the next starting
point of a similar explosion and distribute virus programms or other
bad things.
As far as I know the EDP-systems there is no way to prevent users from
their own mistakes. The only solution I can think of for this type of
behaviour is to observe "EDP-hygiene":
If you receive an executable file (EXEC, CLIST, program) from another
might be unknown user do N O T execute without control because it
can result in gross missdemanour and serious damage.
Check all EXECs/CLISTs, what they are doing, before you execute them
and check all executable programs, where they come from and what
they do.
As in normal life uncontrolled behaviour may result in serious
consequences (I am not going to mention AIDS). You as a user are
responsable for all what you are doing.
I propose to include such statements (in better english formulation) into
the CODE OF CONDUCT and to start an "enlightenment" process for the end-
users
Best regards, m[e]rry christmas (without tree) and a happy new year
Michael Hebgen
EARN director of Germany and
General secretary of EARN
*** APPENDED 12/19/87 20:10:47 BY PU/MELINDA ***
ADDED NOTE FROM JOE MORRIS:
Did any contributor suggest how the message jumped from EARN (or BITNET) into
VNET? Supposedly the gateways (one at Yorktown, I believe) are monitored
closely so that the ability of a message to cross without supervision
is quite limited. I'm told that a few years ago there was something of a
major flap when a meeting of relatively high IBM brass was shown a message
Melinda Varian (the BITNET source of the EARN message I forwarded) had sent
to an IBM'er via VNET (WITH the permission of IBM...upper management in IBM
just hadn't been aware of the arrangement). My guess would be that it came
through an account on a customer machine but assigned to an IBM'er who could
pass mail into the IBM network.
Thought for the week: was this supposed to be a demonstration of a computerized
Christmas distribution TREE?
Second thought on the word "tree" (swiped from an undergraduate thesis at
MIT from the 60's):
Problems are posed by fools like me,
but only heuristics can search a tree.
Joe Morris
------------------------------
Date: Tue, 22 Dec 87 13:32:07 EST
From: Una Smith <0402909%
[email protected]>
Subject: The Virus of Christmas Past (Re: RISKS-5.80)
To:
[email protected]
Re the discussion of receiving run-able mail files (sometimes viruses)
via BITNET.
A few years ago I received 2 pieces of mail, an XMAS EXEC written in
EXEC2 and a compiled module of some sort. The module was hard to break
into, so no one I knew then knew how to tell what it did without running
it. Well, it was a very nice, benign bug:
First, it imitated all the usual system messages one gets when logging off,
up to the full-screen VM370 logo. Then, slowly, the logo disintegrated
into a night time scene of a cottage on a snowy hillside under some pine
trees, smoke floating out of the chimney (the "smoke" was made up of
phrases; "s..m..o..k..e" and "M..e..r..r..y...C..h..r..i..s..t..m..a..s",
etc.), and snow flakes "*" falling from the sky. Elapsed time: about
5 minutes. Then it quit, abruptly leaving you sitting in front of a
terminal in some dingy office or terminal room, just as you were before.
The clue to this so-called Christmas card's origin was that the usual
machine name in the lower right was replaced with, if I remember
correctly, PSUVM. Has anyone on the net now got an old copy of that
somewhere? I didn't keep mine.
------------------------------
Date: Tue, 22 Dec 87 10:19:32 EST
From:
[email protected]
To:
[email protected]
Subject: viruses and "anti-bodies"
Risks, recently, has been filled with reports of specific virus and how to kill
them manually. Has there been any work on "anti-bodies" that attack specific
viruses? It seems that contributors have enough knowledge about each virus to
build such beasts. Such programs might push the state of the art, reduce the
effect of viruses, and keep down the traffic on this list.
-brewster
[A certain amount can be done contextually, e.g., with specific file
names. Paul Karger has suggested something similar for Trojan horses.
See his paper in the 1987 IEEE Symposium on Security and Privacy. But
such techniques are intrinsically incomplete. PGN]
------------------------------
Date: Tue, 22 Dec 87 09:57:26 EST
From:
[email protected] (Brian M. Clapper)
To:
[email protected]
Subject: Cleaning Your PC Can Be Hazardous to Your Health
The following news bulletin appeared on our mail machine this morning:
"Recently a flash fire occurred at a Navy lab when an employee attempted
to clean his computer screen using an alcohol based cleaner. An
investigation revealed that the employee sprayed the cleaner directly
at the unit while it was turned on. Static electricity which had built
up on the screen then ignited the atomized cleaner. To prevent a
similar occurrence here, all PC users are cautioned to turn off their
screens before cleaning, and to dampen a cloth with the cleaner before
wiping the screen rather than spraying it at the screen."
Brian M. Clapper, Naval Air Development Center, Warminster, PA 18976
------------------------------
Date: Mon, 21 Dec 87 11:24:30 EST
From:
[email protected]
To:
[email protected]
Subject: Product liability
It seems to me that a large number of problems with product liability
arise from a propensity to confuse two issues: _liability_ and _negligence_.
If the use of a product carries with it a certain, irreducible risk of
injury, then the manufacturer SHOULD be liable for the damages resulting.
That liability SHOULD result in increased costs to the users of the
product (or to the public in general, in the case of mass vaccines).
After all, the damages are part of the cost of the product. Such a liability
should be limited to actual damages, meaning such things as medical costs,
loss of earning power, and _reasonable_ (capped) compensation for pain and
suffering. In particular, _punitive_ damages should be reserved for cases
of negligence. Part of the result is that this sort of liability ought to
result in predictable costs to the manufacturer, so that it can include those
costs in the final price. Finally, most such liability cases should be
resolved in administrative courts with low legal costs and short delays.
Cases of negligence arise when someone fails to take reasonable and prudent
care; for example, the Ford Pinto sort of case. In such cases the present
system is perfectly reasonable, with contingency fees and the like.
I would not want to see lawyer's fees fixed for such cases, as I believe
that would deny legal protection to the poor and would prevent pursuit
of cases against the largest and wealthiest defendants. If, as is often
asserted, manufacturers are wrongly found negligent because a jury wants
to compensate some obviously suffering individual, then the compensation
under the liability-no-negligence system should satisfy the jury's desires.
Such a system requires specifying a number of special cases; for example,
if a corporation buys an expert system, they presumably have access to
someone who can explain the risks inherent in using that system. In
such cases, sharp limits on non-negligent liability are reasonable. It
would not be the author's fault if the company managed the entire pension
fund with his financial system.
In general, if we were to shift to such a split system of liability, it
would take us quite a while and quite a bit of experience to develop
the details. Finally, I would like to add that this idea is not original
with me; I first saw it advocated in an editorial in Nature.
Mark A. Fulk
[email protected]
P.S. This is not to say that government-imposed fines and the like are
not also appropriate. They are simply insufficient, as the government
frequently lacks the stomach to take on offenders. The tort system
provides a channel for citizen-originated complaints to get a hearing
in front of disinterested parties.
------------------------------
From: Peter Mabey <
[email protected]>
Date: Mon, 21 Dec 87 16:13:24 GMT
To:
[email protected]
Subject: Squirrels, mice, bugs, and Grace Hopper's moth (Re: RISKS-5.78)
Organization: STL,Harlow,UK.
> Squirrels, mice, bugs, and Grace Hopper's moth (Mark Mandel) ...
>
>The word "bug", in the sense we use in the computer world, did NOT
>originate with "Amazing" Grace Hopper's moth. ...
According to the Oxford English Dictionary (Supplement I), the first
recorded use of the term in print is a quote from Edison in the Pall Mall
Gazette of 1889 - so it's probably coming up to its centenary now.
Peter Mabey (phm@stl ...!mcvax!ukc!stl!phm +44-279-29531 x3596)
Standard Technology Ltd., London Road, Harlow, Essex CM17 9NA, U.K.
------------------------------
Date: Tue, 22 Dec 87 11:45:25 PST
From:
[email protected] (99700000)
To:
[email protected]
Subject: Fire at O'Hare (Computerworld, Dec 14 issue)
Has an article about another fire resulting in melted cables, this time a
fire at O'Hare that put United Airlines out of operation.
And has a special section on computer security. No better than one would
expect from Computerworld, but that's it.
------------------------------
Date: Fri, 18 Dec 87 17:23:52 GMT
From: Frank Wales <
[email protected]>
To: RISKS <
[email protected]>
Subject: American Express computer problem
Organization: Zengrange Limited, Leeds, England
You may be interested in a letter I received this morning from American
Express; its text is as follows:
[the letter is verbatim -- the poor grammar is theirs, not mine]
Dear Mr Wales
I regret to advise you that a problem has arisen concerning
access to our Automated Teller Machine network.
As you know a Personal Identification Number (PIN) is needed to
use these machines. Due to an internal system error your
unique PIN has been deleted. The effect of which, is to deny
you access to cash or Travellers Cheque withdrawal. Would you
please call London (01) [...] or Brighton [...]
where our staff will immediately amend our records with the PIN
of your choice. When telephoning, please be prepared to answer
two or three questions about your personal details so that we
can maintain the necessary security.
I am very sorry for the inconvenience this must cause.
Yours sincerely
(signed by Xerox)
N.Colwell
Director
Customer Services
[I have deleted the telephone numbers above, for obvious reasons. PGN]
First of all, because the numbers are not normal customer service numbers, I
called the 24-hour Emergency number (the normal Customer Service number was
busy, as usual), and made sure that the letter was not a scam. I was told,
after some rummaging around by the operator, that both were legitimate Amex
numbers. I then called the London one, and found that, according to the
exchange, it didn't exist. I then called the Brighton one and, after being
asked to hold for so long that the operator had to physically go and get her
supervisor, sorted out my PIN with them.
In the course of this, I asked what had happened: (I'm paraphrasing here --
it was an hour ago)
Amex: "A slight computer problem; nothing to worry about."
Me: "You mean you've had a security breach?"
Amex: "No, no. Nothing like that. That's impossible. Our systems are
completely confidential. Someone was just transferring some information onto
one of our systems, to make it more efficient, you know, and some information
got deleted in the process. We didn't even know until members started
calling us up to ask why their cards were being rejected by dispensers."
I didn't ask where their backups were -- they obviously didn't have any,
or they wouldn't have been reduced to admitting their failure to their
customers.
Aside from Amex's dubious practice of actually asking customers to write
down a PIN and post it to them (or, in this case, tell them over the phone),
something which both astonishes and amuses my Bank Manager, what does
this episode reveal about American Express's computer systems and procedures,
often touted as being among the best in the banking business?
[As a side note, I'm also not too convinced that the questions about
personal details are good enough to convince them that I am who I say I am;
I know that the information I gave wouldn't convince *me*. But that's an
issue for another day.]
Frank Wales, Development Engineer, [
[email protected]<->mcvax!zen.co.uk!frank]
Zengrange Ltd., Greenfield Rd., Leeds, ENGLAND, LS9 8DB. (+44) 532 489048 x220
------------------------------
Date: Mon, 21 Dec 87 21:48:36 EST
From:
[email protected] (Hal Perkins)
To:
[email protected]
Subject: NYT article on computers in stock crash
[Last week the New York Times ran a series of articles analyzing the
stock market crash. One was on the role of computers in the crash.
It's too long to include the whole thing in Risks. These excerpts
concentrate on the unplanned and unexpected and omit background
information about program trading, etc. I highly recommend the entire
article to anyone who is interested in the subject. It also is good
holiday reading for any Star Wars fans who believe that computers can
be programmed to direct a real-time battle successfully. HP]
From The New York Times, Tuesday, December 15, 1987. Page 1.
The Computer's Contribution to the Rise and Fall of Stocks
by David E. Sanger
In the span of a few hours, the stock market's October collapse drove
home the fact that new technology has done far more to Wall Street than
just accelerate the tempo of trading.
Securities firms have always embraced innovations that promised to
improve their profits. During this decade... brokerages spent millions
of dollars on electronic networks... [and on] complex computerized
trading techniques to exploit the flood of information.
But in the process, the new generation of hardware and software
fundamentally altered the way buying and selling decisions were made.
And they subtly magnified the degree of risk that investors and traders
routinely accepted.
.. [B]ig investors, seeking an advantage measured in seconds, were
often led to abandon independent judgement in favor of executing
trading strategies programmed into their computers.
On Monday, Oct. 19, Wall Street's legendary herd instincts, now
embedded in digital code and amplified by hundreds of computers, helped
turn a selloff into a panic....
"We are learning that when we compress the time in which things happen,
they happen differently," said Robert A. Brusca, the chief economist at
Nikko Securities....
[Discussion of how the technology fueled the willingness of big
investors to trade for short-term profit instead of investing for
long-term returns.] In other words, it helped turn [large,
traditionally conservative institutions] from investors into traders.
What's more, the computer's enormous appetite for price data helped
divorce buy and sell decisions from developments in the business world,
focusing them instead on numerical relationships among thousands of
fluctuating stock prices....
Technology also gave a false sense of security to investors who
deceived themselves into thinking that ballyhooed computer-based
trading techniques would somehow protect them in a falling market....
The Allure of Technology
[Discussion of how the stock exchanges have built huge computer centers
to process enormous daily transaction volumes.]
Starting six years ago, a new generation of personal computers and more
powerful work stations began playing another, very different role...
They were programmed to spot bargains, and to constantly compare the
prices of stock index futures contracts... with the prices of the
actual stocks....
Without question the new techniques made the markets more efficient...
[assuring] that prices reflected pertinent information instantly, and
they encouraged investors to trade simultaneously in more than one
market, helping to minimize disparities in prices.
But the programs also introduced enormous pressure to act and react
instantly. "Overnight, the reaction time to market-influencing events
dropped from months or days to minutes and seconds," said Allen Sinai,
the chief economist of Sherson Lehman Brothers. "Unless you could
evaluate all this data instantly, you were out of business."
New Tricks for Investors
[Description of various "program trading" strategies, including stock
index arbitrage, which takes advantage of momentary differences between
the prices of stocks and of the corresponding futures contracts (trades
must be made instantly before the price difference disappears), and
portfolio insurance, which is supposed to reduce the risk of a downturn
by selling stock index futures.]
[on portfolio insurance:] Advocates of the system were asserting
before the collapse that it assured that losses would not exceed 5
percent of the value of the portfolio....
Promotions [of portfolio insurance] worked: By October, between $70
billion and $90 billion was invested in funds using some form of the
insurance....
As a result, some [investors] abandoned ordinary prudent techniques,
such as selling a portion of their holdings for cash when the market
hit new highs, because they were confident the programs would work....
When Facts Became Myths
The problems lay in the computerized models of how markets act: They
rested on assumptions that proved false. One assumption, for example,
was that the markets would be well behaved, meaning that stock prices
and futures prices would closely track each other. Another was that
whenever the computer commanded a buy or a sell, there would be buyers
and sellers.
On Oct. 19, neither condition applied. Stocks and futures prices were
far out of whack. At times, no buyers could be found. Computers
literally froze -- they were not programmed to cope with the
unexpected.
The role of stock index arbitrage is harder to assess....
..traders say that it may have begun a wave of selling that was then
exaggerated by portfolio insurance programs.
In retrospect, the portfolio insurance programs may have helped create
much of the turmoil that ultimately defeated them.
"The problem was that everyone is working from roughly the same
theories," said Peter U. Vinella, a partner at Berkeley Investment
Technologies in Berkeley, Calif., which writes many complex trading
programs. "They all get the same feedbacks. And that leads everyone
to take the same action."
A Fear of Defying the Computer
Why do people become captive to computers? Programs, of course can
easily be overruled by humans, who make the final decision about
whether to proceed with a transaction. But amid chaos, when seconds
could mean the difference between profit and ruin, traders are deeply
reluctant to disregard the neat columns of computer-generated
instructions.
"People get lulled into thinking, `My program says this will work,'"
said Robert H. Mundheim, the dean of the University of Pennsylvania law
school.... "And you don't have time to think through the assumptions
that went into the programs -- if you understood them in the first
place."
[Discussion of whether a fully automated trading system might have
avoided some of the panic that set in when orders were backed up for
hours, causing investors to sell even more.]
Slowing of Market Studied
Investigators have already discarded as unenforceable one option:
stopping the use of computer programs that speed the pace of
decision-making. More practical, experts say, would be actions that
slow the market, giving participants a chance to absorb new data and
adjust accordingly....
------------------------------
End of RISKS-FORUM Digest
************************