RISKS-LIST: RISKS-FORUM Digest Tuesday, 23 February 1988 Volume 6 : Issue 30

RISKS-LIST: RISKS-FORUM Digest Tuesday, 23 February 1988 Volume 6 : Issue 30

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
The risks of pressing the wrong key -- a taxing situation (Gligor Tashkovich)
Taxing of information (Steven Koinm)
Using viruses for copy protection (Doug McIlroy)
What's in a Name, III (Vint Cerf, John Pershing)
Re: Mistaken Identity (Amos Shapir)
Details of bank's costly computer foul-up (Rodney Hoffman)
Voice-print security (and Rory Bremner) (J M Hicks)
Auto-mated Citations (Mark Brader)
Re: Shuttle Security (Henry Spencer)

[There is a mass of messages pending on Trojan horses and Viruses.
I may put out an issue or two dedicated to that subject. PGN]

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
Contributions to [email protected], Requests to [email protected].
> > > > > > > > > PLEASE LIST SUBJECT in SUBJECT: LINE. < < < < < < < < <
For Vol i issue j, FTP SRI.COM, CD STRIPE:<RISKS>, GET RISKS-i.j.
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85).

----------------------------------------------------------------------

From: gligor%[email protected] (Gligor Tashkovich)
Date: 21 Feb 88 13:01
Subject: The risks of pressing the wrong key -- a taxing situation

Coopers & Lybrand did my rough French taxes on Friday (courtesy of Digital) by
computer. When the agent went to pull a screen of information that he had
entered on me, he pressed the wrong key and up came personal tax information
that was for another employee of Digital in my subsidiary. All the important
confidential information was there including salary, real estate owned, etc.

The risk here is that information that you give to a tax person on a
confidential basis might not be that confidential after all ...

------------------------------

From: Steven Koinm <[email protected]>
Subject: Taxing of information
Date: 17 Feb 88 07:48:28 GMT
Organization: Oklahoma State Univ., Stillwater

I recently came across an interesting idea presented by a hacker while doing
research for a paper. The hacker said that he could not consider
information property because it cannot be taxed.

But, what if it could. How would you put a property tax on information? How
can you say what the value of that information is? It may be invaluable to
you but it's still just a bunch of bits unless it is used? Maybe if they
were to keep track of each time you used a piece of information and then based
the amount of tax on that?

Would this make people stop collecting HUGE amounts of information that they
keep around just for the sake of "I'll need that someday" or "Why bother
erasing it, it may still be valid."

I just thought that this was an interesting thought...

GOOG ?? (a.k.a. Steve Koinm)
Computing and Information Sciences Internet: [email protected]
Oklahoma State University UUCP: {cbosgd, ihnp4,
Stillwater, OK 74075 rutgers}!okstate!garnett

------------------------------

From: [email protected]
Date: Mon, 22 Feb 88 08:17:49 EST
Subject: Using viruses for copy protection

I've not heard actual instances of latent viruses being used for copy
protection, although one of your correspondents asserted that had been done.
Anybody contemplating such a gimmick, however, had better think twice. If you
booby trap your house and injure a burglar, or if you string a wire across a
hikers-only trail and decapitate an illegal biker, you are criminally liable.

Doug McIlroy

------------------------------

Date: 21 Feb 1988 00:20-EST
Subject: Jr., Sr., III (RISKS-6.29)
From: [email protected]

RE: Mr. William E. Brown III, it's a good thing his name isn't
William W. Brown III or his card would read W W III !!

RE: systems that don't deal with trailers on names like Jr., Sr. or
III, MCI Mail specifically parses for these.
Vint

[Because Vint does not have one of these trailers,
he cannot be accused of being Self-Cerfing. PGN]

------------------------------

Date: 23 Feb 88 11:22:11 EST
From: John Pershing <[email protected]>
Re: W E III

The letters that I find most amusing are the ones that I get every couple
of months that start out long the lines of:

A personal message for JOHN A PERSHING JR:

Dear Mr. Jr:
...

Also, back when I was in college, our fraternity was listed in the phone
book as "Kappa Sigma Frat". One day, we got a bulk mailing declaring
"Good News for the Frat Family" addressed to Mr. K.S. Frat, claiming that
an arduous genealogical search had turned up the Frat Family coat of
arms, which they wanted to send to us (for a price, of course).

John A. Pershing Jr., IBM, Yorktown Heights

[Live off the Frat of the Land and operate under a strict Coat of Alms. PGN]

------------------------------

Date: Mon, 22 Feb 88 09:27:57 PST
From: Amos Shapir NSTA <[email protected]>
Subject: Re: Mistaken Identity (RISKS DIGEST 6.29)

The Israeli state collection agency issued a warrant for the arrest of a
debtor; since they had only his name (a rather common one) and the town he
lived in, a clerk completed the missing information - full address, ID number
and father's name - from the first entry for a person of the same name he found
in the citizen's registry. That person had a very hard time (including an
overnight arrest) explaining to the authorities that it's not him ("but it is
*your* ID on the arrest form, isn't it?!").
Amos Shapir

National Semiconductor 7C/266 1135 Kern st. Sunnyvale (408) 721-8161
[email protected] till March 1, 88; Then back to amos%[email protected]

[This one is computer-related in the sense that input data should
acquire an appropriate measure of trustworthiness and then be
handled accordingly. That measure should stay with the data, as
is the case with a security label. PGN]

------------------------------

Date: 7 Feb 88 18:36:54 PST (Sunday)
Subject: Details of bank's costly computer foul-up
From: Rodney Hoffman <[email protected]>

In RISKS-5.16 (25 July 1987) and again in RISKS-6.16 (27 January 1988), I
related news accounts of Bank of America's failed attempt at an ambitious new
trust accounting and reporting system.

The Los Angeles Times for Sunday, February 7, 1988, carried a lengthy front-page
review of the entire debacle, "B OF A'S PLANS FOR COMPUTER DON'T ADD UP" by
Douglas Frantz. The article includes lots of background history and economics.
Here are a few edited excerpts giving more details than the previous accounts:

Last month, Bank of America acknowledged that it was abandoning the $20
million computer system after wasting another $60 million trying to make
it work. The bank will no longer handle processing for its trust division,
and the biggest accounts were given to a Boston bank. Top executives
have lost their jobs already and an undisclosed number of layoffs are in
the works.

...The total abandonment of a computer system after five years of develop-
ment and nearly a year of false starts raises questions about the bank's
ability to overcome its technological inadequacy in an era when money is
often nothing more than a blip on a computer screen....

In 1981, the bank had fallen far behind in the computer race. Then-new
chairman Armacost launched a $4-billion spending program to push B of A
back to the technological forefront. The phrase he liked was "leap-
frogging into the 1990s," and one area that he chose to emphasize was
the trust deparment....

The bank was mired in a 1960s-vintage accounting and reporting system.
An effort to update the system ended in a $6-million failure in 1981
after the company's computer engineers worked for more than a year with-
out developing a usable system.....

In the fall of 1982, bank officers met Steven M. Katz, a pioneer in creat-
ing software for bank trust departments.... In 1980, he had left SEI Corp.
in a dispute and founded rival Premier Systems.

Katz insisted on using Prime instead of B of A's IBM computers. He boasted
that he could put together a system by 1983. Within six months, a B of A -
led consortium of banks agreed to advance Premier money to develop a new,
cutting-edge system for trust reporting and accounting. Nearly a year was
spent on additional research.... The go-ahead to fund to project came in
March, 1984. While it was not a deadline, the goal was to have the new
system in operation by Dec. 31, 1984.

What followed was a textbook structure for designing a computer system. A
committee was formed of representatives from each B of A department that
would use the system and they met monthly to discuss their requirements.
DP staff gathered for a week each month to review progress and discuss
their needs with the Premier designers. Some of the DP experts found Katz
difficult to deal with occasionally, especially when they offered views on
technical aspects of the project. "Don't give us the solutions. Just tell
us the problems," Katz often said.

When the ambitious Dec. 31, 1984, goal was passed without a system, no one
was concerned. There was progress, and those involved were excited about
the unfolding system and undaunted by the size of the task. B of A devoted
20 man-years to testing the software system and its 3.5 million lines of
code; 13,000 hours of training, including rigorous testing, were provided
to the staff that would run the system....

In spring 1986, the system was about ready. Some smaller parts were already
working smoothly. Test runs had not been perfect, but the technicians
thought most bugs could be worked out soon. A demonstration run had been
successful....

Many employees were operating both systems, working double shifts and
weekends. Late in 1986, an anonymous letter warned against a "rush to
convert" to the new system and told the manager, not a computer expert,
that people had "pulled the wool" over his eyes. The executive assured
the staff that there would be no conversion before it was time. By then,
lines of authority had also changed, making cooperation difficult.

By early 1987, tests had been running with only a few bugs. "There were
still bugs, but the users felt they could run with it and work out the
bugs as we went along," one former executive said. A conversion date was
set: March 2, 1987.

Just then, half the DP staff was pulled off the assignment. The conversion
lasted one week. On March 7, the first of the 24 disk drive units on the
Prime computers blew up, causing the loss of a portion of the database. It
was past midnight each night before workers retrieving data from a backup
unit left the offices. Over the next month, at least 14 more of the disk
drives blew up. None had malfunctioned in the previous months of test.

It turned out that the units were part of a faulty batch manufactured by
Control Data Corp. But by the time the cause was discovered, delays had
mounted and other difficulties had arisen. Taken individually, none would
have caused the ensuing disaster. Together, they doomed the system.

At the same time, the bank decided to move the main staff 30 miles away.
Key people quit and morale sank. Another section of staff was told they
would be moving from Los Angeles to San Francisco, with many losing their
jobs. [Conflicts, turf battles, consulting firms, temporary employees]

The bank's first public acknowledgement of the problems came in July 1987.
[See RISKS-5.16] An in-house investigation was viewed by many staff mem-
bers as a witch hunt. The bank announced further costs and then the trans-
fer of the accounts in January 1988. [See RISKS-6.16]

The bank's one-time head of the program, since resigned, says, "A lot of
people lay down on the floor and spilled blood over this system, and why
they abandoned it now I cannot understand. A guy called me this morning
out of the blue and said that 95% of it was working very well."

------------------------------

From: J M Hicks <[email protected]>
To: [email protected]
Subject: Voice-print security (and Rory Bremner)

On Saturday 20th February, the B.B.C. Radio 4 programme "Money Box" broadcast
an item about a service provided by a bank in Britain. (I didn't catch the
name of the bank --- a pity.) The service is provided by telephone. No
mention was made about any kind of secret personal code to confirm the identity
of a customer --- security is afforded by the bank's computer's memory of one's
"voice-print", i.e. it can tell who you are just by listening to your voice.
I believe "funds transfer" is one of the services provided.

The representative of the bank was asked about the possibility of someone
impersonating a customer. He replied that the bank had engaged Rory Bremner,
a well-known mimic, to try to mimic other people and deceive the computer.
Rory couldn't.

Suppose someone recorded someone else's voice and played that down the
telephone line? (I think the recording would have to be made while the victim
was using the service, though --- after speaking each digit to the computer one
has to wait for a confirmatory beep. Ordinary fluent speech would not do.)

What do readers think of the idea of dispensing with the secret
personal code?

(Respondents should bear in mind that few people in Britain have telephones
with multi-tone dialing.)

J. M. Hicks (a.k.a. Hilary),
Computing Services, Warwick University, Coventry, England. CV4 7AL
On JANET: [email protected] (in the U.K.)
On uucp: ...!ihnp4!mcvax!ukc!warwick!cudat

[Distressing to see the old argument, "Our best forger couldn't break
it, so it must be pretty good." Voice-prints are difficult to mimic by
voice, but easy to spoof by playback attacks. On the other hand,
personal codes (PIN numbers) are also not wholly dependable. RISKS
readers know by now that just about every attempt to gain user
convenience has some intrinsic vulnerabilities. PGN]

------------------------------

Date: Mon, 15 Feb 88 22:13:02 EST
From: [email protected] (Mark Brader)
Subject: Auto-mated Citations

Following are excerpts from a Usenet discussion going on in the newsgroups
sci.electronic, rec.autos, and (!) rec.ham-radio. The excerpts were selected,
sequenced, and forwarded to RISKS by Mark Brader.

John Moore ([email protected]):

Here in Paradise Valley, Arizona, we have the dubious distinction of
being the only place in the US where speeding tickets are given by
mail after an automatic device snaps your picture and speed!

Norm Strong ([email protected]):

Most countries in the world hold the owner responsible for
speeding, regardless of who's driving. This isn't possible
in the US because we have a constitution that prohibits it.

Richard Welty ([email protected]):

This* proves to be alterable via local statute. Communities that are
trying out the robocop have altered their laws so that they may charge
the owner if said owner refuses to identify the driver at the time of
the infraction. I wonder if the owner gets any points from this ...
[* No, he didn't mean the US constitution -- msb]

Ron Natalie ([email protected]):

I was wondering when someone was going to bring up the question of
"it's not me driving." I have no idea how Arizona deals with it, but
a friend who was stationed in Germany told he how it is dealt with there.
If the driver in the picture is not positively identifiable as you, they
will let you off on the provision that you log whereever you drive. Hence,
if you get your picture taken again, you will have a before the fact
record of if you were there. Not keeping your log truthfully is a
serious offense.

Mad Matt Schaefer ([email protected]):

I've heard of this system in Europe (Germany?) and somebody told me that it
became unpopular with government officials and other important people because
the ticket and picture came in the mail while the guy was at work and his
wife opened it and saw the picture of the car, plate, speed, husband, and
*the other woman* in the car with him. I thought, "this guy is not gonna get
the welcome he is expecting when he gets home."

------------------------------

Date: Sat, 20 Feb 88 18:44:47 EST
From: [email protected]
Subject: Re: Shuttle Security

> ... 7 packages of microfilm classified "Confidential" were left
> unsecured for 8 months. Each package of microfilm contained 181 sheets,
> listing 4,205 confidential radio frequencies ...
> What does this do to a risk analysis of shuttle safety? ...

Probably nothing much. There is NO SUCH THING as a "confidential radio
frequency" if it is in active use. It's just not that hard to eavesdrop
enough to find out which frequencies are being used, and make good guesses
about what they are being used for. (For example, triangulation will tell
you which transmissions are coming from the range-safety transmitters.)
The real security of the system rests on the secret codes used to trigger
action, and on the difficulty of outshouting the range-safety transmitters
(which send continuously at high power to make it hard for a false signal
to be heard). Refusing to publish the frequency is just an extra obstacle,
and not a very important one.

This whole thing sounds like a tempest in a teapot, actually. "Confidential"
is not a very high classification. Long odds that nothing of real importance
was in those microfilms.

Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,decvax,pyramid}!utzoo!henry

------------------------------

End of RISKS-FORUM Digest
************************