Subject: RISKS DIGEST 14.42
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 23 March 1993  Volume 14 : Issue 42

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Her Majesty's Government's missing millions (Pete Mellor)
  What a fragile, interconnected world we live in! (David Daniels)
  Technological Manipulations in Political Advertising (David Daniels)
  Conspiracy trial ends in `Surprise' acquittal (Jonathan Bowen)
  RISKS of brain interference (Mich Kabay)
  Interference on airplanes (John Sullivan)
  Virus Catalog update/New VirusBase (Klaus Brunnstein)
  Re: Buy IBM and get fired (Todd W. Arnold, Bennet S. Yee)
  RISKS Backlog (PGN)
  Eleventh Intrusion Detection Workshop (Teresa Lunt)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its Usenet counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 19 Mar 93 10:59:52 GMT
From: Pete Mellor
Subject: Her Majesty's Government's missing millions

BBC Radio 4 news this morning (19th March 1993):

Sir John Bourne, head of the Government Audit office, stated that an audit of the Social Fund had revealed that (pounds) 37 million could not be accounted for. It appeared that 16 million of this could be ascribed to the "usual" errors in inputting data to the computer system. The other 21 million was "lost" due to the incorrect operation of the computer system itself.

The Social Fund is used to make "one-off" payments to people receiving social benefit, e.g., for the purchase of an essential item such as a cooker. The failure occurs when such people move from one area to another: the system does not transfer the record of the payment they have received to the new area, and the money appears to have been "lost". It is expected that it will be possible to trace most of the money.

A Labour MP who chairs one of the Social Benefit committees (sorry, name and committee not recorded) stated that this sort of problem is all too frequent, and is due to computers having been introduced too rapidly into government departments, and to the advice of the government's own computer experts having been ignored.

[No further details available at present.]

Peter Mellor, Centre for Software Reliability, City University, Northampton Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk

------------------------------

Date: Mon, 22 Mar 93 00:04 GMT
From: David Daniels <0004381897@mcimail.com>
Subject: What a fragile, interconnected world we live in!

NY Times, 3/20 from Dallas, 3/19...
The collapse of the snow-laden roof of a computer center in Clifton, NJ, last Saturday also brought down 5,000 ATM's nationwide, causing particularly serious problems in California and Illinois. The situation has left the banking industry and its customers wondering about their growing reliance on such machines.

Some of the questions concern the planning for such emergencies. The computer center's crisis plan called for it to move to a backup site in North Bergen, NJ, operated by a company that supplies such disaster-recovery services. That plan was thwarted because the center was filled with other computer operators who had been displaced from the World Trade Center by last month's bombing.

------------------------------

Date: Sun, 21 Mar 93 05:35 GMT
From: David Daniels <0004381897@mcimail.com>
Subject: Technological Manipulations in Political Advertising

NSF Press Release 93-24, 8 March 1993, contact Mary Hanson (202) 357-9498

RESEARCHERS UNCOVER "ETHICALLY SUSPECT" TECHNOLOGICAL MANIPULATIONS IN POLITICAL ADVERTISING

Most Americans are aware of the potential impact of political ads on their voting behavior; but many may not realize that a significant percentage of ads they see on television have been technologically manipulated to create a false or misleading impression.

Researchers supported by the National Science Foundation (NSF) analyzed 2,000 ads from the 1952 through the 1992 campaigns -- primarily at the presidential level -- and found that nearly 15 percent of them were deliberately distorted.

"We think we've identified a substantial problem that has implications for the political process," said Lynda Lee Kaid, director of the Political Communication Center at the University of Oklahoma, who is leading the pilot project. "The technology provides an opportunity for candidates to perhaps abuse the trust that the voters have in our political process."

Along with a panel of ethics experts, Dr. Kaid has analyzed the ways in which modern computer and audio-video technologies have been used to create ethically suspect television spots in political campaigns. Her analysis uncovered a variety of manipulation techniques, including speeding-up or slowing down an audio track to make a candidate's voice seem either God-like or whiny, and distorting video images. Such manipulations, Kaid said, were more likely to appear in negative ads than in positive ones.

According to Kaid, distorting video images has become an increasingly popular technique which she considers ethically "dangerous." "Many of these new technological devices make it possible to alter images in a way that is not perceptible to the human eye when they're viewed on television." For example, footage can be edited so that a candidate's comments are taken completely out of context or are used with other footage to portray an entirely different meaning than originally intended.

Kaid pointed out that, while manipulation techniques are often used in many kinds of advertising, "we believe it's a particular problem in political advertising because it has become the major way in which candidates communicate with voters."

Kaid hopes her research will be used as a defense against unrecognized manipulation of voter opinion. "We're trying to help voters and the public recognize these techniques, so they can make better judgments and become informed consumers of political ads." She plans to create an educational videotape with her research findings.

In subsequent research phases, Kaid hopes to conduct experimental studies to determine the extent to which voters are actually misled by manipulation techniques, or whether they are capable of recognizing the distortions when they see them. "We'd like to develop a direct link between the technological distortions and the actual voter decision-making process so that we can show whether or not these techniques really do result in an abuse of the political process."
According to Rachelle Hollander, NSF program director of Ethics and Values Studies, the research findings point to the need to systematically examine the impact of political ads on voter behavior, and thus on public policy-making. "We need to start thinking about how new communications technologies can influence and persuade...but also can mislead," she said.

------------------------------

Date: Fri, 19 Mar 93 18:19:51 GMT
From: Jonathan.Bowen@prg.ox.ac.uk
Subject: Conspiracy trial ends in `Surprise' acquittal

The Thursday 18th March 1993 issue of The Independent newspaper covers the acquittal of a teenage hacker in the UK in some depth. A front page article includes the following:

    Conspiracy trial ends in `Surprise' acquittal
    Hacker penetrated MoD [UK Ministry of Defence]

    The teenage hacker acquitted yesterday of conspiracy charges under the Computer Misuse Act 1990 gained access to Ministry of Defence computers holding confidential information. ... The print-outs show confidential telephone numbers and information about the US network and missile bases linked to the US Army. ... Police officers involved said they were "surprised" by yesterday's verdict. The Computer Crimes Unit was eager to prosecute this first major trial under the new legislation. [sic]

Page 4 includes a full page article on the subject in which it is estimated that the annual bill to British business of computer fraud is 1.1 billion UK pounds (c. $1.5B). A leading article on page 25 states:

    If Mr Bedworth's acquittal sets a precedent, it will make an ass of the Computer Misuse Act 1990. The Act was drafted specifically in order to close loopholes that had previously allowed people to do legally what he did.

Jonathan Bowen, Oxford University Computing Laboratory

------------------------------

Date: 19 Mar 93 10:57:25 EST
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: RISKS of brain interference

This morning the Globe and Mail (Canada) reported that Fujitsu of Japan is working on a brain-wave interface for computers. According to The Times of London, company spokesperson Michael Beirne said, "Our goal is to create an intuitive computer that can pick up your thoughts even as you walk around a room." The Globe and Mail summary claims that the researchers are currently working on distinguishing thoughts of "up" from those of "down" to move a cursor.

RISKS participants will easily think of some fascinating problems ahead of the researchers and of society as this technique evolves.

For example, in the 1956(?) movie, "Forbidden Planet," space-farers approach an unknown planet and are warned away by the lone inhabitants (an elderly man and his--naturally--nubile and short-skirted daughter). He shows the visitors the remains of the original people who had lived on the planet. The Krell were masters of technology and even devised a mechanism for giving life to the thoughts of sentient beings. Unfortunately they suddenly disappeared without a trace shortly after this technology was introduced. Some crewmembers try the device out and create little dancing women for their amusement. Then disaster strikes: invisible monsters turn crewmen into hamburger every night, leaving bent stairways and huge footprints. Eventually, a dying man croaks out the clue: "Monsters," he says, "monsters from the id."

So what will happen to the brain-wave sensitive user interface when the ostensible desire to do productive work on a certain file for that nasty boss is overridden by the subconscious desire to delete the file?

And if the R&D folk really are working on pattern recognition for mental vocalization, will this lead to pattern recognition of unconscious mentation? Are we headed for telepathy machines? Mind readers?

What fun! Expect an increase in the volume of email in RISKS-L.

Michel E. Kabay, Ph.D., Director of Education
National Computer Security Association

------------------------------

Date: Sat, 20 Mar 93 14:14:31 CST
From: sullivan@geom.umn.edu
Subject: Interference on airplanes

The March 13th issue of The Economist has a short article on interference by passengers' electronic devices on aircraft control systems. It mentions "a Boeing 747-400 that weaved from side to side until two laptops ... were turned off" and Nintendos "confusing the automatic direction-finder" of a DC10.

Possible causes include plastic composites used in airplane construction, and lower-voltage electronic systems. Electronic devices used by passengers "near the front of an aircraft appear to be most disruptive". [Maybe we should banish business class to the back of the plane.]

There are also reports of interference "triggering anti-lock brake systems" in German cars, and causing Japanese robots to "run amok".

[Another article in the same issue discusses the failure of the London Stock Exchange's computer trading system, Taurus.]

-John Sullivan@geom.umn.edu

------------------------------

Date: Tue, 23 Mar 1993 17:29:37 +0100
From: brunnstein@rz.informatik.uni-hamburg.dbp.de
Subject: Virus Catalog update/New VirusBase

The new version of Virus Test Center's *Computer Virus Catalog* is now available for ftp (ftp.informatik.uni-hamburg.de). The following files may be downloaded:

  INDEX.ZIP      the new index file (INDEX.293), listing all 283 viruses in 5 platforms yet described
  AMIGAVIR.ZIP   the cumulative AMIGAVIR files, now describing 77 AMIGA viruses (15 new ones)
  MSDOSVIR.ZIP   the cumulative MSDOSVIR files, now classifying 156 MSDOS viruses and trojans (32 new ones)
  MACVIR.ZIP     the cumulative MACVIR files; no update since July 1992 (.792) as no new viruses were found
  ATARIVIR.ZIP   the old AtariVir files (20 viruses) not updated as we have no new viruses for analysis.

The single UNIX virus (AT&T Attack) will be sent on request (on ftp soon).
In the new MSDOSVIR.293 file, the following new PC viruses are classified: 10_past_3 (2), Adolf, Alabama, Chemnitz, Exe_Bug (2), Flip, Hey_You, Kampana=Spanish Telecom (2), Minimal (15), Techno, VOID_POEM, V-163 and V-Sign/CANSU. Moreover, characteristic features of viruses generated by the following authoring packages are also classified: PS-MPC and VCL.

As announced last year, the new *machine readable CVC version* called CVBASE is also available for downloading: cvbase-293.zip. CVBASE allows one to display all CVC entries (in total 288, on Amiga, Atari, Mac, MsDos and the single UNIX virus), under option VIRUS, but also gives an OVERVIEW and STRAIN relationship about All (about 2,200) viruses in the CARO/VTC collections (using CARO naming scheme) as well as the VTC collection on Amiga (77), Atari (20), Mac (35) and Unix (1). From STRAIN, one may read available CVC entries.

*Any suggestions how to improve this version are welcome*

Klaus Brunnstein (U-Hamburg, Virus Test Center, March 22, 1993)

------------------------------

Date: Tue, 23 Mar 93 13:18:20 EST
From: "Todd W. Arnold"
Subject: Buy IBM and get fired - a response (Anderson, RISKS-14.41)

In an earlier posting, Ross Anderson discusses the cancellation of the Taurus project in the UK. The information he presents, some from the UK media, is misleading and in some cases incorrect. This gave a rather unfair appraisal of IBM security products. In fact, this part of the system was finished, installed, and tested. I've been asked to post the following "official" description of the situation, so everyone knows what really happened.

"The overall Taurus project was managed by the London Stock Exchange with Coopers and Lybrand and other consultants in a number of key management positions; with a range of contractors involved in sub-projects modifying and enhancing the Stock Exchange systems. A US software house was meant to be providing a new custody application and IBM provided a market-leading security infrastructure.
The shelving of the overall TAURUS project is for reasons unconnected with IBM's role.

IBM's involvement has been as subcontractor for the TAURUS Message Security system. This leading-edge development exploited IBM ICRF host cryptography, OS/2, smart cards, and PS/2 cryptography and signature verification technology to deliver an outstandingly secure method of transferring data between member firms and the Stock Exchange.

The development was successfully completed last summer, then rigorously acceptance-tested by the Stock Exchange. IBM installed the system across 200+ separate financial institutions, completing on time in February against an aggressive schedule."

I've been told that the massive complexity of the back-end settlement systems was a major factor in the collapse, but I don't really know all the details.

(Note that the "signature verification technology" mentioned above is dynamic signature verification, a biometric technology -- not public key digital signatures. RSA public key functions are also available in TSS, but that's not what was used in Taurus.)

Todd W. Arnold, tarnold@vnet.ibm.com, IBM Cryptographic Facility Development, Charlotte, NC

Disclaimer: This posting represents the poster's views, not those of IBM

[I normally suppress all disclaimers and cover them blanket-wise in the masthead. This one is intriguing, because the posting explicitly contains an "official" description, which would seem to disclaim the disclaimer! PGN]

------------------------------

Date: Thu, 18 Mar 93 14:53:41 EST
From: Bennet_Yee@PLAY.TRUST.CS.CMU.EDU
Subject: Re: Buy IBM and get fired (Anderson, RISKS-14.41)

We should not disparage physical security just because we can't sell our pet methodologies. Physical security is a necessary component of any security system. Private keys must be stored -- and _used_ -- in a secure environment where there is no risk of exposure. Formal methods and elliptic curves are orthogonal to the need for steel boxes.

+Future systems however may well use public key algorithms, and maybe even
+electronic wallets which distribute the security processing entirely into
+smartcards.

Regardless of whether we use public key or private key, we still need the ability to perform secure processing with the secret key. Be it a computer room with armed guards, a giant steel box, or other forms of tamper-proof hardware, -some- of the bank's computation must be secure. Whether we use public key or private key is again orthogonal to physical security needs.

Smart cards may appear attractive for many applications, but they do not suffice for handling the case of trying to ``distribute the security processing entirely into'' them. Even if we assume that they have sufficient power to run public key cryptosystems, a problem remains: we still can't always trust the balance on a smart card.

Today's smart cards don't provide any physical security; their users do. The implicit assumption is that users of smart cards carry their smart cards with them at all times, and can keep the secrets/data kept within their smart cards from being exposed/modified. Malicious users, on the other hand, have plenty of opportunity to tamper with their smart cards. Keys may be exposed, balances may be changed -- there are no privacy and integrity guarantees with malicious users.

Not being able to keep balance information in smart cards means that there must be servers where such information is kept. Central servers mean that our electronic wallets do not really hold electronic currency but serve only as an ID card.
Chaum's digicash fixes some of the tampering problems by using cryptography, but it really is not much better than a checking system -- receivers of the digicash must contact a centralized server to verify that the digicash hasn't been previously spent before committing a transaction, or otherwise risk the digicash ``bouncing''; digicash is not really transferable except through centralized servers, since the need to trace its transfer path for duplication detection diametrically opposes the need for anonymity.

What are the risks? Mainly that of attitudes that we as scientists/professionals should avoid. We shouldn't jump on technological bandwagons. Public key cryptosystems, electronic wallets and smart cards, formal methods, etc, are powerful, useful tools, but they are no panacea. We must be careful in evaluating exactly how much can be done with them. Just because DES-in-steel-boxes may seem old and ``clunky'', there were good reasons for using it, and we had better think things through before we start dreaming about (or ``selling'') alternative technologies for the future.

Bennet S. Yee  Phone: +1 412 268-7571  Email: bsy+@cs.cmu.edu
School of CS, Carnegie Mellon, 5000 Forbes Ave, Pittsburgh, PA 15213-3891

------------------------------

Date: Tue, 23 Mar 93 17:04:47 PST
From: RISKS Forum
Subject: RISKS Backlog

Thanks to all of you who diligently respond to RISKS topics. There is a big backlog of items at the moment, particularly on garage door burglaries and computer controlled parachutes! Some of these items are drifting in relevance or otherwise requiring a little extra thought on whether to include them. Contributors must be patient. You may also note that I cannot reply to every message. I try to take care of all REQUEST mail and new topics, but occasionally the load of incremental comments on already marginal material becomes overwhelming. Thank you for your patience.
The Management [PGN]

------------------------------

Date: Tue, 23 Mar 93 16:08:59 -0800
From: Teresa Lunt
Subject: Eleventh Intrusion Detection Workshop

ELEVENTH INTRUSION DETECTION WORKSHOP
CALL FOR PARTICIPATION

A two-day workshop on intrusion detection will be held at SRI International in Menlo Park, California on May 27-28, 1993, the Thursday and Friday following the 1993 IEEE Symposium on Research in Security and Privacy in Oakland, California. This will be the eleventh in a series of twice-yearly intrusion-detection workshops. The workshop will run from 9am until 5pm on Thursday, and 9am until 2pm on Friday.

The workshop will consist of several short presentations as well as discussion periods. If you have any progress to report on an intrusion-detection project or some related work that would be appropriate for a short presentation, please indicate the title and a paragraph describing your proposed talk on the form below. You can also indicate there your suggestions for discussion topics. Of course, you do not have to make a presentation to attend; all are welcome!

If you and/or your colleagues wish to attend, please RSVP using the form below. You may email the completed form to Liz Luntzel at luntzel@csl.sri.com, or send it by post.

There is a $100 charge for the workshop. This fee includes lunches in SRI's International Dining Room. Please make your check out to SRI International and mail it to Liz Luntzel, SRI International EL-248, 333 Ravenswood Ave, Menlo Park CA 94025 USA.

For other questions, please call Liz at 415-859-3285 or send her a fax at 415-859-2844 or email at luntzel@csl.sri.com.

SRI is located at 333 Ravenswood Avenue in Menlo Park. The workshop will be held in room IS109, which is in the International Building. If you wish instructions on how to get there, indicate that below.

-------------CUT HERE AND RETURN TO LUNTZEL@CSL.SRI.COM-------------

ELEVENTH INTRUSION DETECTION WORKSHOP

Yes! I will attend the Intrusion-Detection Workshop May 27-28 at SRI.

[Please complete the following:]

Name:
Title:
Affiliation:
Address:

                                                                 _
PLEASE SEND ME INSTRUCTIONS for getting to SRI and parking. YES |_|
[by email or SnailMail, as appropriate]

[Indicate one:] I [will/will not] be willing to present a talk.

[Please complete the following:]

Title of Talk:
Abstract:

Suggestions for Discussion Topics:

------------------------------

End of RISKS-FORUM Digest 14.42
************************