|
Risks Digest 16.54
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
RISKS-LIST: RISKS-FORUM Digest Monday 7 November 1994 Volume 16 : Issue 54
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for information on RISKS (comp.risks), disclaimers *****
Contents:
[NOTE: "September 31" typo (30), Ravin, RISKS-16.53 fixed in archive copy.]
Fall time change and the usual computer system havoc (L. Scott Emmons)
Ottawa Library fines people using unreliable automatic calling system
(Michael Slavitch)
Tele-Phoney (John Vilkaitis)
Risks of assumption (Tom Swiss)
Re: CMU blocks access to nasty newsgroups (Bob Frankston, Arthur Hicks,
Jim Huggins, Harry Rockefeller)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
----------------------------------------------------------------------
Date: 02 Nov 1994 20:51:57 GMT
From: [email protected] (L. Scott Emmons)
Subject: Fall time change and the usual computer system havoc
With the recent change back from daylight savings time, we can always expect
the usual havoc caused by lousy operating systems that aren't smart enough
to know how to switch time automatically. Of course, this issue has been
discussed here before, so what happens at this location here may or may not
be of particularly exciting news.
Anyway, there is a card-key system that locks up a certain development
facility between 5pm amd 8am. The system is run by one of the aforementioned
lousy operating systems that is not smart enough to change the time
automatically. So, for a few days each fall the facility is unlocked and
locked early, and for a few days each spring the opposite occurs; until
somebody bothers to report it to the right person who has control over the
system. I'm not sure which is worse -- the security risk of having an
unlocked facility, or the annoyance factor in being unable to get into the
building without the right key-card.
Fortunately, most of the systems I have to deal with are Unix boxes, which do
set the time correctly. I wonder why other operating systems are so far behind?
L. Scott Emmons, U.S. Computer Services/CableData R&D Center (916) 939-6088
[email protected]
------------------------------
Date: Mon, 7 Nov 94 15:45:50 -0500
From: "Michael Slavitch, Consultant, (613) 781-9824" <[email protected]>
Subject: Ottawa Library fines people using unreliable automatic calling system
About two months ago I reserved a book at my local library. The library has
gone electronic in its reservation system. You reserve a book, and when
your turn to receive it comes due a computer dials your home phone number.
If an answer occurs, it assumes you heard the message; if you do not pick up
the book in three days, you are fined $2.00.
Basically, this is what happened to me. Their computer called my number and
the phone went off hook, starting the meter running. For some reason my
answering machine did not pick up the message (I have an answering machine
and a fax modem hanging off the same line, but the fax modem is outgoing
only).
The RISK here is obvious, and I consider it nontrivial. The librarian
insisted that the "system" is "reliable" and "almost always" works. Well, my
knowledge of datacomm says that if it does not always work it is not
reliable, and that they are fining people based on an assumption that the
message was received.
What's scary was the attitude of the librarian. Because she was told by
someone that the system works, she insisted that I had received the call. I
asked her for proof of that and she said that "the system said you got the
call, it must be true". My attempt to describe the essence of data
communications and reliable communication fell on deaf ears, and she refused
to give me the name of her superior because "the system works and nobody
should complain about it."
Well, I am. I know that it is only two bucks, but the implications that
arise from misuse or overly trusting such a system are worrysome. What if
the government started issuing parking tickets or summonses in this manner,
or banks warning you of surcharges on financial transactions? What if my
wife answered the phone and the book was "how to handle infidelity in you
marriage" :) (it wasn't).
So how do you handle two things:
[One] An unreliable delivery system being assumed to be reliable.
[Two] People placing trust in such a system.
Michael Slavitch, Software Design & Analysis Consultant, assigned to:
Bell SYGMA, Suite 250, 150 Elgin St., Ottawa, Ontario K2P 2C4, (613) 781-9824
------------------------------
Date: Mon, 7 Nov 1994 01:48:00 -0800 (PST)
From: [email protected] (Javilk)
Subject: Tele-Phoney
Troubles with Tele-Phoney Systems
Getting a wrong-number call in the middle of the night from another
human can be irritating. We may hope that future telephone numbers
incorporate a check digit to reduce these errors, but I doubt they will.
But let us first look at our "Telephone Neighborhood". Do you have
any idea who or what exists in the 62 or so valid telephone numbers only
a slip of the digit away from yours? (Area codes brings it up to about
80, but they are less often dialed. Another problem.) Apparently I
have several interesting entities in my telephone neighborhood. And with
most calls being dialed by embedded microprocessors and computers these
days...
What prompts this observation? Funny you should ask that...
On Friday, after the close of business for the weekend, (as in, when
else?!) I began receiving a strange series of persistent wrong number calls
from one gentleman in my area code. As I answered, I would hear the
"musique de telephon" of another ten-digit number being dialed. Although
apologetic, the caller insisted he was trying to reach several very
different numbers in two adjacent area codes. Soon others joined him in
reaching out and touching me with a number of different touchy toney loony
tunes, complaining that I was not the party of their choice; then retrying
the process with more diligence, and sometimes more stridence. But no
matter the area code or number they dialed, they all rang my phone.
Some investigation on my part revealed they all originated from the
same place, an apartment complex in a nearby city with a new PBX (Private
Branch Exchange,) telephone system. To save the dwellers money, (or to
line their coffers some more,) management had contracted with a private
(discount) telephone and cable company called "Western Telephone and
Television" (WTT) for a PBX with a feature called "least cost call
routing." The physical PBX is a 6 x 4 x 2.5-foot box containing twin
680x0 processors for redundancy, each with its own hard drive, and each
running a proprietary operating system called CORTELCO. The box can
handle up to 500 telephone lines, although only approximately 300 lines
were hooked up at that particular site.
Under normal circumstances, this PBX is programmed to quietly intercept
the dialed number, dial a five-digit access code (a 10-xxx number) on one of
several outgoing lines, and when the access number goes off hook (answers),
echo the number that the customer dialed; whereupon the long distance
service provider takes over. However at this particular location, a
five-digit access code was not available, and so a full seven-digit access
code had to be used. In other words, the system simply forwarded all calls
to another ordinary-looking phone number. Unfortunately, the technician
inadvertently entered _my_ phone number while correcting a previously(!)
erroneous number.
Hence, all long distance calls placed from that apartment complex
rang through to my number starting at 6pm Friday evening.
This prompts some interesting observations:
1. No caller ID is transmitted with the call,
2. There is no handshaking between PBX and the service provider.
3. Audio is immediately enabled upon completion of number dialed.
Speculations:
1. All accounting probably resides in the PBX
2. Most billing info and programming is done via modem.
3. Anyone with the seven digit access code...
...has unlimited free telephone service.
Kind of makes you wonder what the fraud rate is in this industry, and how
much is added to the average telephone bill to offset it. (No, I did not ask
what number the computers were trying to call or I'd be their prime suspect!)
Of course, once awakened, Murphy did not stop there. WTT's emergency
pager number had been _Disconnected_. Nor could Pacific Bell Information
find any local phone number for WTT. When I finally got the correct number
from the apartment manager and called WTT, their automated attendant / voice
mail system kept telling me to dial 0 for their operator (receptionist),
then complained this and other automatically suggested extension numbers,
were not valid. Whereupon the default error message, of course, again
instructed me to dial 0 for the operator. (This kind of looping appears
rather common in corporate automated attendant systems.) Eventually some
error count was exceeded and at least _this_ computer had the sense to hang up.
The RISK of not checking your telephony systems for message loops, old
numbers, etc. is looking like a corporation of idiots. Not to mention a
telephone company not having a publicly listed telephone number! [I think
we now might understand WHY! PGN]
(My favorite ploy in the case of such loops and lockouts, is to look
for a Smith or Jones in their audio telephone directory, and inform him that
his company is losing thousands of dollars in sales because the telephone
system will not let callers speak to a human being; then ask he pass my
number on to an appropriate party. Few ever bother. They must think it's
not their job to help their company be profitable.)
Finally, The local Bell Systems affiliate repair service (good old
611) told me that the RISK of harassing innocent telephone subscribers, as
they agreed WTT's automated equipment was clearly doing, was having
telephone service to their equipment, and thus the entire apartment
complex, disconnected. (Probably by Monday...)
But of course, Murphy being who he is, Repair could do nothing right
now. And in retrospect, they really could not do much. Repair directed me
to several different Pacific Bell departments, each with its own 800 number,
but all of which had an identical automated voice issuing identical
instructions. The RISK of using identical messages (computer voice
screens?) is having customers think they are reaching the SAME number. For
all I know, I may have been! Eventually, the chain of "if you have... then
call 1-800-..." messages, which are heard after one finds one's situation is
not on the menu, reached a recorded message informing me to call the local
police to handle the situation.
Is the RISK of having electronic equipment becoming deranged, with no
obvious "OFF" switch, having it SHOT by law enforcement officials?
Something equipment designers really ought to think about!
After numerous complaint calls to the apartment manager, WTT, and
Pacific Bell by apartment residents, Pacific Bell, the apartment manager,
and myself, a WTT technician entered another set of access codes into the
system. The calls ceased shortly before noon, Saturday. I received a long
and very apologetic call from the technician. We ended up discussing the
operational details of the PBX. The technician also checked the voice-mail
looping problem and reports they will have to completely reconfigure their
company office's automated attendant system to avoid the "dial operator"
loop problem.
The RISKS of Busy Telephone Neighborhoods
The people at the Misdialing Gardens Apartments were more polite than
those involved when Coca Cola published my number as their in-warranty
emergency repair number three years back. Now I say that I can fix almost
anything (and often do), but those people insisted I fix their Coca Cola
machines _Right_NOW_For_FREE since soda was usually spewing forth onto the
carpet, etc. Complaints to Coca Cola Corp.'s headquarters met with
Persistent Insistence that my number was Indeed _The_Correct_Number_ for
their in-warranty repair service. They kept looking it up in their
corporate directory and their computers, and telling me it "The computer
says that _IS_ The Correct Number, so stop bothering us!" (I couldn't seem
to get a VP's secretary to understand the true nature of the problem. And
of course, she would NOT pass me on up the line because _I_ was
_Obviously_Wrong_.) After a few go-arounds like that with Coca Cola's
Headquarters, I just gave up and chanced my number to an unlisted number
without a forwarding reference. It only cost me several hundred dollars to
change stationary and notify all my clients...
... Some of whom had recently changed their fax numbers... And
since I usually set up a computer to send these overnight... Well, I
guess I just had all those "favors" returned this past week end!
The ADVANTAGE of Call Return
I still get calls at all hours, but not as often; the present phoney
phone callers all hang up when they hear a human answer, making one think of
burglars trying to see who is home, or the odd former acquaintance,
ex-spouse, or ex-employee who might have traded a few marbles for some lead
pellets. When I ordered call return to investigate this problem, the
Pacific Bell representative told me to call these phoney callers back and
say "I am working with" (not for) "the telephone company to determine why
people call this number." The responses revealed that my current number in
the slipped digit neighborhood of a touch-tone-based Automatic Bank
Information system. If I politely return those phoney phone calls, I can
keep the number of calls down to two or three a month as opposed to the
original three or four a week. (Not to mention retain my peace of mind!) I
guess people do learn.
Don't call me, I won't call you! Please!
Several individuals have commented that someone less ethical might have
set up one of those $95.99 voice mail cards to ask for the caller's account
and PIN numbers, then apologize for the rest of the computers being
unavailable. In effect, a telephonic analog of a terminal with a phony
login screen. Which reminds me of...
The RISK of Borrowing Time Sharing Programs
Back in college, some twenty two years back (seems like yesterday!), I
had been assigned the task of catching a student who was using a phony log
in-screen to steal account numbers on CPS, the time-sharing system which ran
on UConn Research Computer Center's IBM 360. CPS (Conversational
Programming System) was an interactive PL/1-like variant of BASIC. In one
evening, I was able to cobble together parts of a utility program I was
writing to create a 1,400-line PL/1 program which performed a brute force
search over the CPS saved program hierarchy for the word "login". (Not so
easy since CPS used its own file format, saving programs and data in
tokenized form; but my utility already scanned comments for expiration
dates.)
It turned out that the offending programs were saving themselves with
the captured login data stored in arrays. As in interactive BASIC, the
miscreant could query these arrays without executing the programs
themselves. I "de-initialized" the arrays and subtly damaged the programs.
An "On Error" statement was used to activate a few new lines near the end of
the program to message the main operations console whenever the programs
were either run OR the now invalid array elements were queried.
Several nights later, I arrived just in time to join two other staff
members as they ran across campus to catch an unexpected second miscreant.
She later managed to convince the powers that be that she was not The Real
Miscreant; but had "merely borrowed a program to see how it worked." I
always wondered about that. Did you really do it, Ellen? Or was it really
the other fellow?
The RISK of stealing time-sharing programs is stealing Booby Traps.
-JVV-
------------------------------
Date: Tue, 1 Nov 94 15:18:19 EST
From: Tom Swiss <[email protected]>
Subject: Risks of assumption (Carasso, RISKS-16.52)
First, I'd like to disagree with Mr. Carasso's belief that user
confusion due to a lack of standards in control layout is "stupidity". It's
very easy for users to develop an automatic patterns for some frequently
performed operation, and then repeat that pattern in a circumstance where it
is not appropriate. For instance, I've developed a habit of hitting
Control-X Control-C y to exit emacs and confirm it's "Save file foo? (y or
n)" prompt. Then I went to use an editor that, upon exit, prompted something
like "File foo not saved - really quit? (y/n)" My fingers were running the
emacs pattern and hit "y", thinking that that meant to perform the save,
when in fact it meant to exit without saving. I can very easily imagine a
long time PC user whose fingers get ahead of his brain, confuse the floppy
eject with the power switch, and shut the machine off.
I'd also like to question his assumption that if you made such a
mistake, you "obviously just got your Mac, there's little of value on it,
and it's unlikely that anything damaging will *really* happen." It seems to
me that to properly assess the risks of such a situation, one should always
assume a worst-case scenario.
So what kind of "what-ifs" can we add to this situation?
In the worst case, safety critical equipment might be controlled by
that Mac. (Yes, we know that there should be a protective cover over that
switch in such a case, but I'll bet you a nickel there's a system out there
right now that could hurt someone if such down at the wrong time and is
without such a cover.) That's a obvious risk.
Less obvious is the possibility of losing very important data. To take
an example from my own experience, I was forced to do my first extensive
Macintosh work (aside from some light word processing at an old job) for a
robotics class Programs were compiled on the Mac and downloaded to the
controller board. We saved our work on floppies so we could move the work
between any one of several Macs.
Much of the work (at least for my team) turned out to be trial-and-
error setting of various constants. It might take a dozen compile-download-
test cycles to find a good value for one such constant. I can just imagine
the horror, the wailing, and the gnashing of teeth had one of us gone to
swap floppies to save some bit of work and, operating on auto-pilot (as is
known to happen when you're working at some ungodly hour to meet a
deadline) hit the power switch and sent that work to the bit bucket.
-Tom Swiss / [email protected]
------------------------------
Date: Mon, 7 Nov 1994 10:23 -0400
From: [email protected]
Subject: Re: CMU blocks access to nasty newsgroups
A few months ago I responded to a similar issue on another mailing list. As
a parent, I can appreciate the problems with adding to the burden of
parental responsibility in presenting one more threat we must shield our
children against.
The real question is how to prepare children for a world in which censorship
is not viable -- how to make them better participants in a world rich in
information and sleaze. Which is which is often a matter of personal
opinion. Ultimately they will have to make the judgment of how to handle
it.
I realize that there are lots of issues here and that the mere presence of
objectionable materials does open organizations up to harassment suits. But,
ultimately, this country has made a bet that open access to information is
the better option. Other countries have more or less censorship on various
issues and are no longer across a wide ocean.
This does mean that one (as a parent, educator, whatever) needs to try to
teach that not all information available is valid or representative of the
real world.
But some information can be real and disturbing. At one point while I was in
elementary school, I had a great fear of news -- especially international
news. Considering that it was in the 50s and duck and cover was a part of
the curriculum and one standard topic was how big an H-bomb it would take to
reach our school if it landed (precisely?) at Columbus Circle in New York,
this was not totally irrational.
But is it better to grow up in a world unprepared, without an immune system?
------------------------------
Date: Mon, 7 Nov 1994 09:13:11 -0800 (PST)
From: Arthur Hicks <[email protected]>
Subject: RE: CMU blocks access to nasty newsgroups
"Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> wrote of attempts to
resolve the problem of access by children to possibly unsuitable sexual
material in certain USENET newsgroups. I would like to respond, as a
seemingly responsible parent, with some examples of real parental controls,
and real parental concerns about this issue. In our case the family MODEM
is hardwired to a separate local-only phone line, somewhat reducing the
scope of possible teenage computer activities, but Internet is another
matter. I have applied suitable access limitations to my son's AOL
sub-account, and my kids are never allowed any visual access to my
passwords. My kids have also freely discussed these issues with me, and can
be expected to understand them to the degree that they are willing to
understand them. To that extent I don't worry about my kids and their
activities. I am concerned however, with the very real problem of adult
human "predators" who seek out congregating kids, whether it be outside the
neighborhood convenience store or on the Net. It is a mistake to think that
"good", intelligent kids can necessarily resist or even be aware of the
attempts of an experienced adult "predator" to do them harm. This is why I
remain concerned about the issue of suitable Net access for kids. The
article by Mich Kabay appears to trivialize the real concerns of parents who
are trying to be responsible about giving their kids access to contemporary
tools, but also wish to avoid unreasonable risks to the well-being of their
children. Art Hicks
------------------------------
Date: Mon, 7 Nov 1994 15:21:20 -0500
From: Jim Huggins <[email protected]>
Subject: CMU and Newsgroups (Kabay, RISKS-16.53)
Mitch Kabay comments at length about CMU's decision to block access to
alt.sex.* et. al. on its computer systems. Mitch's comments focus
mostly upon access, calling for finer grains of access to the Internet
rather than total vs. no access.
While Mitch raises good points, they really don't address CMU's
dilemma. The following is an excerpt from the official on-campus
announcement of the change:
Pennsylvania laws prohibits us from carrying bulletin boards
that are known to be used for the distribution of sexually
explicit or obscene material. It is against the law for
anybody to knowingly distribute sexually explicit materials to
people under the age of 18, or obscene materials to people of
any age. [...]
[T]he only criterion that will be used when considering the
withdrawal of a bulletin board is that either the intended
purpose for which it was established or its primary use
(majority of the posts) makes it illegal for Computing
Services to provide access to the bulletin board.
(N.B. Usenet groups at CMU are usually called bulletin boards.)
This isn't really an issue of whether minors can get access -- the
vast majority of students at CMU are over 18, anyways. The problem is
that obscene material cannot be distributed in PA, regardless of the
age of the recipient. And so CMU needs to find a way to obey the law.
In some ways, this is already the finer-grain access that Kabay
suggests. CMU isn't going to monitor every newsgroup for obscene
materials; it simply will eliminate those newsgroups where such
material is the most prominent.
Of course, whether or not local definitions of obscenity make sense
anymore in a global infobahn is another question entirely, and one
in which I'm still undecided.
Jim Huggins ([email protected])
------------------------------
Date: Mon, 7 Nov 94 13:41:33 -0600
From: [email protected] (Harry Rockefeller)
Subject: Re: CMU blocks access to nasty newsgroups (Kabay, RISKS-16.53)
Mich seems to discuss only one of three problems here. He notes that
there is material suitable for adults but not for children. He
correctly notes that it is the parent's responsibility to build a
suitable barrier.
The other two issues of "censorship" he did not discuss are: 1) Highly
offensive material not suitable for anyone, and 2) Any material
offensive to a payer.
In category 1) may be child pornography, or bestiality pornography.
The material (at a state or more local level IMO) may be simply ruled
illegal.
In category 2) Realizing that CMU receives tax funds we should ask if
any of these tax funds pay for Internet? If yes, then a case may be
made to eliminate several newsgroups because they are offensive to
some segment of the taxpaying public.
Harry Rockefeller FlightSafety International, Simulation Systems Division
Broken Arrow, OK 74012 [email protected] (918) 251-0500
------------------------------
Date: 20 October 1994 (LAST-MODIFIED)
From: [email protected]
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact <[email protected]>
(Dennis Rears <[email protected]>). UK subscribers please contact
<Lindsay.Marshall@newcastle.ac.uk>. Local redistribution services are
provided at many other sites as well. Check FIRST with your local system or
netnews wizards. If that does not work, THEN please send requests to
<[email protected]> (which is not automated).
CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them. Contributions will not be ACKed; the load is
too great. **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
All other reuses of RISKS material should respect stated copyright notices,
and should cite the sources explicitly; as a courtesy, publications using
RISKS material should obtain permission from the contributors.
ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
or cwd risks:<CR>, depending on your particular FTP.
Issue j of volume 16 is in that directory: "get risks-16.j<CR>". For issues
of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO
digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory
and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>"
logs out. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may
differ; UNIX prompts for username, password; [email protected] and
WAIS are alternative repositories. See risks-15.75 for WAIS info.
To search back issues with WAIS, use risks-digest.src.
With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html.
FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving
it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at
+1 (415) 859-2375 if you cannot E-mail [email protected] .
------------------------------
End of RISKS-FORUM Digest 16.54
************************
|
|
