27-Mar-86 00:22:27-PST,5928;000000000000 Mail-From: NEUMANN created at 27-Mar-86 00:20:50 Date: Thu 27 Mar 86 00:20:50-PST From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-2.34 Sender: NEUMANN@SRI-CSL.ARPA To: RISKS-LIST@SRI-CSL.ARPA RISKS-LIST: RISKS-FORUM Digest, Thursday, 27 Mar 1986 Volume 2 : Issue 34 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: RSO's and IIP's - Martin Moore's response (Henry Spencer) Range Safety: a final word (Martin Moore) Someone really sophisticated, with a Ph.D... (Nigel Roberts, Keith F. Lynch) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.) (Back issues Vol i Issue j stored in SRI-CSL:RISKS-i.j. Vol 1: MAXj=45) ---------------------------------------------------------------------- Date: Wed, 26 Mar 86 20:45:04 EST From: ihnp4!utzoo!henry@seismo.CSS.GOV To: risks@sri-csl.arpa Subject: Re: RSO's and IIP's - Martin Moore's response > Now, to answer your question, missiles launched at the Cape NEVER fly over > land intentionally except at the very first seconds (unavoidable) or during a > shuttle landing... This is why the launch facility at Vandenberg was built; > shuttles cannot be launched into polar orbits from the Cape because there is > land both due north and due south... As an example of how bureaucratic priorities can sometimes override known safety considerations, it is worth noting that the Office of Mismanagement and Bean-counting did suggest saving the cost of the Vandenberg shuttle facility by launching north from KSC. This idea was a non-starter for about five different reasons, range safety not least. It's amazing that it was ever suggested, but it was -- quite seriously. Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,linus,decvax}!utzoo!henry ------------------------------ Received: from eglin-vax.ARPA [...] Mon 24 Mar 86 07:10:36-PST Date: 0 0 00:00:00 CDT From: "MARTIN J. MOORE" Subject: Range Safety: a final word To: "risks" Apparently I confused a few people judging by the mail I've gotten...what I said about missiles launched at the Cape not flying over land applies ONLY TO MISSILES IN THE LAUNCH PHASE. Obviously, satellites in orbit pass over a large part of the Earth's surface. And as another contributor pointed out, some test ranges routinely fly missiles over land; I was talking only about the Cape, which does not. I think this discussion is reaching the point of diminishing returns from the RISKS viewpoint. I will continue to answer detailed questions by personal mail, but let's move them out of RISKS. /mjm [PGN concurs.] ------------------------------ Date: Monday, 24 Mar 1986 05:26:49-PST From: roberts%forty2.DEC@decwrl.DEC.COM To: risks@sri-csl.ARPA, roberts%forty2.DEC@decwrl.DEC.COM Subject: Someone really sophisticated, with a Ph.D... ----------reply to mail dated 24-MAR-1986 06:19 [RISKS-2.33]----------- > ''It is possible to break into a system if all physical and software > security measures are ignored,'' Armstrong said. > ''But it would take someone really sophisticated, with a Ph.D. in math > or computer science.'' Since when does a Ph.D in math, or even one in Computer Science, teach you how to be a hacker (either kind)? Most of the "Computer Burglars" I have come across were entirely self-taught. Nigel. [I presume that is why Geoff titled it the way he did. It is guys such as Armstrong who are headstrong -- except that their heads are in the sand. They really believe it takes sophistication. Readers of RISKS supposedly know better, although I have tried to be fairly gentle in exposing gross security flaws in existing systems. PGN] ------------------------------ Date: Mon, 24 Mar 86 22:06:43 EST From: "Keith F. Lynch" Subject: Someone really sophisticated, with a Ph.D... To: Geoff@SRI-CSL.ARPA cc: RISKS@SRI-CSL.ARPA There was a story on the front page of the Washington Post on February 20th headlined "Maryland Computer Whiz Kid Faces Seven Theft Charges" and subsubtitled "Credit Card Numbers Shared Electronically". It described a 15 year old who got credit card numbers off a pirate CBBS and ordered computer equipment over the phone to be sent to a vacant house. Other than this, the "whiz kid" did nothing at all remotely exceptional. It looks to me like the wave of computer hysteria still hasn't passed. One of our Senators here in Virginia is introducing a bill to allow unlimited government snooping into personal computer files on the grounds that there might be data on child molestation (!) on the floppies. Seems to be an equally good case could be made on those grounds for warrantless searches of personal papers, and any other violations of the Bill of Rights I can think of. Computer security is the responsibility of system managers. There is a growing trend toward making microcomputers, often with no security systems at all, available over phone lines. Unknown phone numbers are NOT good security. Lots of kids dial numbers randomly searching for modem carriers. And there can be NO excuse for not having important data backed up. To make frequent backups should be the first thing anyone learns about computers. And being able to easily and frequently save state is one of the most important things any program should do. ...Keith ------------------------------ End of RISKS-FORUM Digest ************************ -------