RISKS-LIST: RISKS-FORUM Digest  Monday, 26 October 1987  Volume 5 : Issue 49

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Freak winds in southern England (sufrin, Franklin Anthes)
  On the Risks of Using Words That Sound Similar (Bruce N. Baker)
  CD, Terrorism, Stocks (Jim Anderson)
  The Stock Market Computers and SDI (Bob Berger)
  (Almost too much of) Password Encryption (Matt Bishop, Mark Brader)
  Re: Phone Service Degradation -- and 911 (R.M. Richardson)
  INUSE.COM Program (Chris McDonald)
  Free phone-calls (E. van Batenburg)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome. 
Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM.
For Vol i issue j, FTP SRI.COM, CD STRIPE:<RISKS>, GET RISKS-i.j.
Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).

----------------------------------------------------------------------

From: sufrin%prg.oxford.ac.uk@NSS.Cs.Ucl.AC.UK
Date: Sat Oct 24 23:56:06 1987
To: RISKS%kl.sri.com.us@NSS.Cs.Ucl.AC.UK
Subject: Freak winds in southern England

I wonder what the average English resident would have done if there
HAD been advanced warning of last week's hurricane? My guess is
that the most probable reactions would have been something like:

	1. Don't be silly; this is England.         

	2. Let's take the kids outside and watch.

The Oxford Literati would of course have rushed around quoting
Bernard Shaw (Pygmalion) to the effect that

	"In Hereford, Hertford and Hampshire, hurricanes hardly happen".

"I must go and tie the roof of my house down, and make sure that my
neighbours' chimneys and trees are all secure" comes in way at the
bottom of my list of likely reactions, and I can't help asking what the
emergency services or the utility companies COULD have done if they
had known a few hours earlier (apart from cancelling leave).

Perhaps the weather forecasters did us all a favour! There would have
been many more casualties if there had been a lot of people outside
watching. There may even have been more casualties from panic if the
forecasters had known and had made clear what to expect, and where
to expect it. Certainly neither the military nor the civilian emergency
forces here are prepared for mass evacuations of the kind that might
have saved some of the lives that were lost. (They usually claim to be
astonished when it snows more than a couple of inches in an evening).

Do I hear you ask "what's this got to do with the risks of using
computers?" I worked very late at the computing Lab on the eve of the
Hurricane, tumbled into bed at about 2:30am, and slept through the
whole thing.

------------------------------

Date: Fri, 23 Oct 87 14:50:12 +0200
From: mcvax!geocub!anthes@uunet.UU.NET (Franklin Anthes)
To: RISKS@kl.sri.com
Subject: Freak winds in southern England
Organization: Greco de programmation, Bordeaux France

 Maybe it was unexpected in the UK, but here in France there were storm
warnings on the midday news. They said that a very strong storm was forecast,
and sure enough that night some parts of France had 220km/h winds.

 I know that "la meteorologie nationale" here in France has a Cray for their
forecasting. Maybe the UK doesn't have such high-powered computers? Or maybe
French weather forecasters are just better:-):-)

	Frank Anthes-Harper
Usenet: ....!ucbvax!decvax!uunet!mcvax!inria!geocub!anthes

------------------------------

Date: Mon 26 Oct 87 09:41:59-PST
From: Bruce N. Baker <BNBaker@KL.SRI.Com>
Subject: On the Risks of Using Words That Sound Similar
To: Neumann@csl.sri.com

In RISKS 5.48, Richard S.D. D'Ippolito points out the substitution of the
word "casual" where "causal" was intended.  The difference is significant.
I see more and more of this type of problem as we become dependent on
spelling checkers that accept properly spelled words even though they 
completely distort the meaning.  Words that sound similar and look similar
to a secretary are especially a problem.  

In the same issue, Scot E. Wilcoxon's contribution regarding Phone Service
Degradation and 911 uses the word "exasperated" when "exacerbated" was 
intended.  The meaning still comes through, and in a few years, if enough 
secretaries type the one word when it should have been the other, the two will 
appear as synonyms, similar to the way "scan" and "skim" have evolved.
"Apprise" and "appraise", and "foundering" and "floundering" will soon suffer
the same fate.  No one seems to understand "affect" vs. "effect" anymore so
we might as well list them as alternative spellings of the same word.  It
might be a bit more dangerous when we equate "enervating" and "invigorating".
Not even Webster seems to care about preserving the distinction between
"aggravate" and "irritate".  Of course, Webster merely reflects the bad usage
we impose on our language, and often secretaries merely mirror the bad usage
of the writing they receive.  So now "terrific" lists just about any context
you may wish to give the word.  But surprisingly, "livid" does not equate
with "angry" in my 1971 version of Webster.  Surely, that has been "corrected"
by now.  "Erstwhile" still does not have "distinguished" as one of its 
meanings so maybe there is some hope.

I guess my point of all of this is that some of us still care about the 
original intent of words.  No, this will not make the transition to the 
original intent of the framers of the Constitution.  As a former professor,
I was astounded at how many students were upset by my corrections to their
grammar.  Often, I heard, "I didn't know we were supposed to proofread our
papers," or "I didn't realize this was an English class, I thought it was
a course in the business school."

How vulnerable I am.  I am sure there must be at least 10 errors in word usage
and "grammer" here, but that won't "effect" me at all.

   [I try to fix obvious screwups when possible.  There are times (such as
   today) when I have a very limited window on-line (and 40 backlogged
   messages -- too many of them on UNIX passwords).  This afternoon I had a 
   net connection that would give me only a few echoed characters, sometimes
   with more than five-minute delays.  PLEASE try to edit your own messages
   more carefully, and don't be surprised when your incoherent contributions
   are not included.  Also, I'm getting a lot of UNIX password stuff that
   heavily duplicates earlier messages.  I can guess that some of you are
   still getting mail many days late...  or just don't like to read.  PGN]

------------------------------

Date:  Fri, 23 Oct 87 15:08 EDT
From:  JPAnderson@DOCKMASTER.ARPA
Subject:  CD, Terrorism, Stocks (Previous 3 RISKS)

The last 3 RISKS prompted some responses.

Re:  "Civil Disobedience"

From what I have seen this kind of behavior is not very CIVIL!  It is
also an example of the debasement of the language (language in the pits)
practiced by certain newspapers and even radio and TV stations --
euphemisms to replace (and distort) reality.  "Civil Disobedience" is
actually at the minimum a misdemeanor called Disturbing the Peace.
Unders some circumstances, I would agree with the writer who claimed it
was terrorism.  Certainly mobs, no matter how well intentioned are not
engaged in CIVIL behavior.  Often, these little excursions boder on
riots.  Of course, they are not called any of these things, particularly
since newspapers, radios and TV started calling strikes (often illegal,
and unauthorized) 'Job Actions'.  When I was growing up, most of the
'Job Actions' of Teachers, Civil Servants of various kinds and other
employee groups (like the NFL players) were called strikes, or sometimes
WILDCAT strikes (meaning they were illegal and/or unsanctioned by the
parent organization).  So, spare me the "Civil Disobedience", "Job
Actions", and while we are at it, "Methodology".

Re:  Stocks into Bondage

It is interesting, considering the volume and panic, that the NYSE
computer systems did NOT fail, even though they were sure overloaded,
and continued to be a couple of hours late in reporting trades.  An
'atta boy" to the designers and implementers of those systems.

Cheers, Jim

------------------------------

Date: Sun, 25 Oct 87 20:28:48 EST
From: berger@datacube.com (Bob Berger)
To: risks@csl.sri.com
Subject: The Stock Market Computers and SDI

I hope that the experience of a large network of computers doing something
unplanned for such as accelerating the crash of the stock market will make
the "Decision Makers" stand up and take notice!

The network of computers that makes up the stock trading system is much less
complicated than what the SDI planners are calling for, yet the stock
computers behaved in unexpected ways that were bad for most people involved.
In this case it was only that some people lost millions and a major fracture
had been put in the stability of Western Society's economic structure.....
				Bob Berger 

Datacube Inc. Systems / Software Group	4 Dearborn Rd. Peabody, Ma 01960
VOICE:	617-535-6644;	FAX: (617) 535-5643;  TWX: (710) 347-0125
UUCP:	berger@datacube.COM,  rutgers!datacube!berger, ihnp4!datacube!berger
	{cbosgd,cuae2,mit-eddie}!mirror!datacube!berger

       [Remember, Jim is talking about the transaction processing and Bob
       is talking about programmed trading feedback instabilities...  PGN]

------------------------------

Date: Sun, 25 Oct 87 10:30:28 EST
From: Matt Bishop <bishop%bear.dartmouth.edu@RELAY.CS.NET>
To: RISKS@KL.SRI.COM
Subject: (Almost too much of) Password Encryption

   A little comment on UNIX password encryption.  It may be very redundent.
        [Yes, it is, but perhaps if people will read it, they will stop
        submitting suboptimal communications.  PGN]

In RISKS 5.48, "Russ_Housley.XOSMAR"@Xerox.COM asks if the "modified DES"
is a one-way hash.  Nope.  The modified DES just encrypts the null message
(all 0's) with the password as key and maps the result to a 64-character
alphabet.  That, plus a code indicating which modification is used, is
stored on line.  When a user logs in the password he supplies is used to
repeat this procedure, and the result of that is compared to the (stored)
value.  If they agree, the password is right and the user is logged in.
If not, the password is not correct and the user is not logged in.

The modification, incidentally, is to perturb the E table in one of 4096
ways and apply that DES 25 times in succession.  (That is, the output of
the first is the message for the second, the key being the password in all
iterations.)   The idea is that the perturbation prevents dictionary
searches for a large number of passwords by forcing the password algorithm
to be run once for each possible password AND for each already-encrypted
password (that is, instead of just encrypting a 25,000 word dictionary
and comparing the result against each of 100 encrypted passwords, an attacker
has to encrypt the 25,000 word dictionary once for each encrypted password;
this is equivalent to 2,500,000 encryptions.)  Hence, the time for such
a search should be unacceptably high.

Matt Bishop

bishop%bear.dartmouth.edu@relay.cs.net
...!decvax!dartvax!bear!bishop

------------------------------

Date: Fri, 23 Oct 87 22:49:32 EDT
From: msb@sq.com (Mark Brader)
To: risks@csl.sri.com
Subject: UNIX Passwords

> The truncation of UNIX passwords to 8 characters is not a bug, it's a
> feature.  If you have source, examine the code to libc/gen/crypt.c.
> Your password is *not* actually encrypted on UNIX.  Rather, it is used
> as the *key* to encrypt a standard block of text ...

and since DES has 56-bit keys, the password has to be reduced to 8 7-bit
characters.  True, but taking the *first 8* characters is about the worst
method I can think of for reducing a long password to 56 bits!  I've never
been satisfied with this aspect of UNIX; I want 12 significant characters
in my passwords (and all alphabetic, please, so I can type them *fast*).

Taking the *last* 8 characters would be a distinct improvement, because
it's necessary to pause a moment before entering the password, and people
tend to use that moment to reach for the first key or two of the password.

Better yet would be to use a simple hashing function to map the long
password onto the 56-bit space.  Even something as simple as XORing
the 1st, 9th, 17th, etc. characters into the first 7 bits, and likewise
for the other positions, will ensure that any small change to any
part of the password generates an incorrect password.  With a space of
72,057,594,037,927,936 hash buckets, it makes no practical difference that
there are now many alternate passwords that yield the same 56-bit sequence.

(The same technique would also be useful for any banks that come to their
senses and allow 12-digit PINs for ATM use -- around here they're all either
4 or 6 as far as I know, and mostly without privacy shields on the keypads
-- but which think it's much too much work to change their file format.)

It also wouldn't hurt to "personalize" and keep secret the "standard block
of text" that is encrypted using the 56-bit key; this would inhibit
some kinds of password searching done on a different UNIX machine by someone
who gets a copy of the password file (with the "encrypted passwords").
This is best done when the machine is acquired, as it invalidates all
existing passwords.

Any of the steps described above would make it impossible to simply
copy a password file onto, or from, an unmodified UNIX system and use it.
Whether this is an advantage or disadvantage depends on the situation.

Mark Brader, SoftQuad Inc., Toronto, utzoo!sq!msb, msb@sq.com

	If ... it seems easier to subvert UNIX systems than most other systems,
	the impression is a false one.  The subversion techniques are the same.
	It is just that it is often easier to write, install, and use programs
	on UNIX systems than on most other systems, and that is why the UNIX
	system was designed in the first place.
				-- Frederick T. Grampp & Robert H. Morris

------------------------------

Date: 25 Oct 87 21:48:09 PST (Sunday)
Subject: Re: Phone Service Degradation -- and 911
To: umn-cs!sewilco@datapg.MN.ORG (Scot Wilcoxon)
Cc: RISKS@csl.sri.com, RMRichardson.PA@Xerox.COM
From: Rich <RMRichardson.PA@Xerox.COM>

From: umn-cs!sewilco@datapg.MN.ORG (Scot Wilcoxon)
> I will be suggesting to the Minnesota Public Utilities Commission 
> that they try to have 911 protected from this kind of problem.  I 
> think the way to reduce giving a delayed dial tone to everyone is 
> to try to give greater delays to people trying to dial a number 
> causing an overload.  Preferably also give even greater delays to 
> repeat callers or autodialers.  Presently the local carrier is 
> required to give equal service to everyone, even if that means 
> giving equally bad service.

Pardon me, but there seems to be an assumption in here that just isn't true.
When you say "... give greater delays to people trying to dial a number
causing an overload," you are assuming the telephone exchange knows which
number is to be called before it gives a dial tone to the caller.  But you
see, the dial tone is given so the caller may send the number to be called
to the exchange.  If the exchange can predict the number to be called, dial
tones are unnecessary (along with half the equipment in your phone!).
                                                                       Rich

   [Hmm... I interpreted the suggestion as delaying the NEXT dial tone.  PGN]

------------------------------

Date: Mon, 26 Oct 87  7:56:32 MST
From: Chris McDonald  STEWS-SD 678-2814 <cmcdonal@wsmr05.ARPA>
Subject: INUSE.COM Program
To: risks@csl.sri.com

As a matter of policy we require automatic timeout features on our systems,
where feasible, to disconnect inactive terminals.  The thinking is that in most
cases an "inactive" terminal in our environment denotes that a user has left
his or her device unattended.  Hopefully the timeout program may save a user
from his or her own carelessness and preclude another person from
"masquerading".

You might expect that not all users are that enthusiastic about the program.
On some of our VMS hosts several personnel use a DCL command file generally
named INUSE.COM.  The program formats the screen to show "Terminal in Use"
in theory one must know the password to then gain access to the terminal.  At
least that was what many users thought!

When we finally began to install the Version 4 update of VMS, we found that DEC
had implemented a recall function.  By entering a Ctrl Y and pressing the up
arrow on the terminal a user could recall the last input to the screen.  So
logically, if the last input was the password, then . . .?

We found it rather ironic that users thought they had protected themselves and
defeated our automatic timeout program at the same time.  The INUSE.COM program
can be modified to address the recall function.  

------------------------------

Date:     Mon, 26 Oct 87 14:35 N
From:     <SBQBEB%HLERUL57.BITNET@wiscvm.wisc.edu>
Subject:  Free phone-calls
To:       Neumann@KL.SRI.Com

E.van Batenburg, Instituut v.Theoretische Biologie, Groenhovenstraat 5
2321BT Leiden Holland (tel.071-132298)

The Dutch "Personal Computer Magazine" revealed in its september issue
how hackers in Holland managed to fool the telephone company and got
free phone-calls to everywhere in the world.
First they ring 06 which announces to the Dutch telephone computer that
a "collect" call is to be dialed.
Next they choose a number in Denmark (which one was
unfortunately/fortunately, depending on your point of view, not
revealed) which let the Danish computer reply to Holland that the call
is accepted.
Finally they dial their proper destination.

The Dutch telephone company reacted rather grumpy to this disclosure.
They stated that PCM is stimulating abuse of the telephone.
According to them they have no means to correct this on short notice
because the Danish computer is at fault and they are waiting for a
complete overhaul of the Danish telephone computer.

It is not clear who (if anybody) is paying the costs for those calls.
                       Eke van Batenburg

------------------------------

End of RISKS-FORUM Digest
************************