in RISKS Forum
RISKS DIGEST 18.07
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Thu Apr 25 19:57:26 1996
From: RISKS List Owner <email@example.com>
Date: Thu, 25 Apr 96 16:56:31 PDT
RISKS-LIST: Risks-Forum Digest Thursday 25 April 1996 Volume 18 : Issue 07
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
Former Oracle worker charged with perjury: bogus e-mail (PGN)
A reminder about letter bombs in MSW6.0 [name withheld by request]
AOL censors British town's name! (Clive Feather, Rob Kling)
Re: Swedish court fines parents for son's overly long name (Viiveke F?k,
Computers and Social Unrest (Carl Wittnebert)
When the Clock Strikes 2000 (Edupage)
Re: MCI recommending bad security practices (Peter Scott)
Society and the Future of Computing '96, 16-19 Jun 1996, Snowbird, UT
CERT (sm) Advisory CA-96.09, Vulnerability in rpc.statd (CERT)
ABRIDGED info on RISKS (comp.risks)
Date: Tue, 23 Apr 96 17:58:50 PDT
From: "Peter G. Neumann" <firstname.lastname@example.org>
Subject: Former Oracle worker charged with perjury: bogus e-mail
Adelyn Lee had won a $100K out-of-court settlement for wrongful termination
from Oracle in February 1995, claiming that she had been fired for refusing
to have sex with Oracle president Larry Ellison. She had apparently used as
evidence a piece of e-mail from her boss VP Craig Ramsey to Ellison,
confirming that Lee had been terminated as per Ellison's request. To make a
long story short, San Mateo County Deputy District Attorney Paul Wasserman
said that their investigation has now come to the conclusion that Ramsey
could not have sent the e-mail (because he was driving in his car at the time
according to cell-phone records) and that, as Ramsey's executive assistant,
Lee knew his passwords (and indeed had been responsible for changing them for
him periodically). Lee has now been charged with felony perjury for lying
and sending false e-mail. [Source: *San Francisco Chronicle*, 20 Apr 1996,
What are some of the conclusions for RISKS readers (not new)?
1. Don't believe e-mail FROM: headers accurately represent the sender.
2. Don't believe the content of e-mail, whether or not the headers
3. Don't share your passwords overtly with anyone, or let someone else
be responsible for your passwords.
4. Don't use covertly compromisible reusable fixed passwords; how often
you change them is more or less irrelevant.
5. Use one-time nonreusable authentication tokens instead of fixed passwords.
6. Even if you use PEM, PGP, stronger-crypto e-mail, or whatever, you
cannot ensure authenticity, because of untrustworthy operating systems
and untrustworthy users.
7. Beware of trying to use e-mail as nonrepudiatable court evidence.
8. HOWEVER, don't believe that cell-phone records are valid as court
evidence; they too could be bogus or altered. If someone drags you
into court, find someone who can demonstrate how easily those records
could have been altered!
9. Etc., etc., etc.
Date: Tue, 23 Apr 96 17:58:50 PDT
From: "[name withheld by request]"
Subject: A reminder about letter bombs in MSW6.0
Today I got e-mail from Agptacek@aol.com. I have never received e-mail from
this account before. I have no idea who it is. All I got was the message
below --- "Pls. find file attached." --- plus a Microsoft Word 6.0 file.
Now, anybody who has been following the stuff with MSW6.0 knows that
executable code can be hidden in MSW6.0 files. Perhaps code to delete my
files. Or give me a new virus. [Or a nasty Trojan horse.]
Do you trust e-mail that anybody sends you?
>Date: Wed, 24 Apr 1996 01:02:03 -0400
>Subject: Discovery Records
>Pls. find file attached.
>Attachment converted: Asher:Discovery 1 (W6BN/MSWD) (00008B8A)
Date: Wed, 17 Apr 1996 15:28:52 +0100 (BST)
From: Clive Feather <email@example.com>
Subject: AOL censors British town's name!
[Clive forwarded to RISKS an long item from the Computer underground Digest,
Thu Apr 11, 1996, Volume 8 : Issue 29, ISSN 1004-042X, from Doug Blackie
<STEELBEAT@aol.com> that relates an experience Doug had in trying to
register with AOL. He entered his name "Blackie" and his home town
"Scunthorpe", and found that AOL's (indecency-filtering) registration
program would not accept that combination. After various discussions with
the AOL folks in Dublin, he discovered that he could register properly if
he entered the town as "Sconthorpe". As a result of this curious situation,
AOL has announced that the name of the town will henceforth be known as
"Sconthorpe". The entire saga is documented in the Scunthorpe Evening
Telegraph (final edition) of Tuesday, 9 Apr 1996, issue number 30111,
printed and published by Grimsby and Scunthorpe Newspapers Ltd., Telegraph
House, Doncaster Road, Scunthorpe, DN15 7RE, UK. The article was provided
on-line by David G. Bell <firstname.lastname@example.org>, and was included as
a part of Doug Blackie's message. PGN Abstracting.]
Date: Thu, 25 Apr 1996 11:10:22 -0700
From: email@example.com (Rob Kling)
Subject: Re: AOL censors town's name!
[The previous item contributed by Clive Feather touches on some further
serious issues relating to the effectiveness, propriety, and risks
involved in filters that attempt to censor on the basis of linguistic
strings; as other examples, side-effects of filtering "couples"
(RISKS-17.79) and "xxx" (SurfWatch, RISKS-17.81) have been noted in recent
Rob Kling is a member of the ACM Committee on Computers and Public Policy,
the umbrella organization in ACM for RISKS. He had the following comments
upon seeing the above message; his comments address just a few of the RISKS
issues raised. PGN]
There is a lot of info regarding Scunthorpe obtainable via Alta Vista.
This is a real city and its integrity deserves respect, even if it is
not exactly a place well-known to people in the US. [For example, see
I can imagine that there might even be some people with the last name of
Scunthorpe. The willingness of AOL (or other services) to excise identities
in the name of "decency" raises big issues of genuine decency in my view.
Date: Wed, 24 Apr 1996 08:52:41 +0200
From: firstname.lastname@example.org (Viiveke F?k (?= a letter UNIX can't handle))
Subject: Re: Swedish court fines parents for son's overly long name
The law in question states that parents should report the name they have
chosen for their children within a specified time after birth (three months
I think). The authorities in their turn has a rule saying that they should
not allow registration of names that are likely to cause harassment or other
obvious drawbacks for the child, like giving a girl what is traditionally
exclusively a boy's name and vice versa. Another recent case was when
parents were not allowed to name their girl Ikea (a constructed name for a
fairly well-known furniture company) and an older example was when another
girl could not be named Veranda (which means exactly the same in Swedish).
What has this got to do with computers and risks? The parent's choice of
name in this case is a protest against bureaucracy in general, one part of
which is that the authorities have indeed a limit on how many characters
that they register for each child. (The row of letters is as impossible to
pronounce in Swedish as it is in English. Albin is of course a perfectly
valid name here too.)
As for computers and real risks, this is an international question about
assumptions of name structure and their use in design of computer systems.
We often even can't handle our own in Sweden. Swedes for example typically
have from one to three first names, and they choose themselves which one
that they use daily. That choice is reported, but many computer systems do
not register it. Normally it is the first "first name", but not
necessarily. Which means that there are mix-ups, when for example a
computer sends a letter to George Thomas Smith addressed to "George Smith",
and that happens to be what the father is not called (he uses his second
name Thomas) but it also happens to be what the son (Andrew Charles George
Smith) actually is called. This happened in my husband's family, and guess
how much trouble there was when the son tried to report that he was moving
to a new address... As for myself, I sometimes give in and register my
second "first name" as "middle name" when travelling, so that passport
authorities do not complain that I do have a "middle name" and should fill
it in. But if you come to Sweden and marry someone here, it is very likely
that you can not register that child's middle name, because it is
"offensive" as a first name, and we only register first and family names.
Viiveke F=E5k, Department of Electrical Engineering, Link=F6ping University
S-581 83 Link=F6ping Sweden +46 13 281722 Viiveke@isy.liu.se
[Incidentally, Albin's would-be given name (noted in RISKS-18.06)
had one occurrence of the putatively heinous "xxx". Perhaps we
will all someday have to be identified by multilingually and
transnationally filtered globally biunique identifiers -- to
accommodate our computer systems. (Note that Internet addresses and
phone numbers are unique if globally qualified, but are not biunique
-- because they may be shared by multiple personalities). PGN]
Date: Thu, 25 Apr 1996 16:59:09 +0000
From: Gunnar Pettersson <email@example.com>
Subject: Re: Swedish court fines parents for son's overly long name (R-18.06)
The law that was broken is the Swedish 'Name Law' (SFS 1982:670) and the
authority which deals with its implementation is the Swedish Patent &
Not having seen the detailed judgement in this case, I would guess that the
law was seen to have been broken in at least two ways. First a technical
reason: as your correspondent surmises, the name would have been regarded
as far too unmanageable for inclusion in the computerized Civic
Registration data held on all Swedish citizens. Secondly, and perhaps more
importantly, the law explicitly prohibits forenames "which can cause
offence, or may lead to any inconvenience for the bearer, or is for any
other reason obviously unsuitable as a forename".
As far as the meaning of the name 'Brfxxx...' is concerned, I would have
thought it is to be found precisely in its lack of meaning. And, whatever
one thinks of a law like the Swedish one, what about the poor kid himself?
Cases like this one tend to prove very little about the law itself, and much
more about the pretty warped attitude some people have towards their
The Swedish name law, on which most other Nordic name laws are based, is
nonetheless unusually restrictive as far as choosing and changing names are
concerned. However, it should be pointed out that practically every other
country, with the exception of the UK and parts of the US, have *some* form
of restriction on names: e.g. Germans can't change their names to Hitler;
French forenames must be taken from saints and/or antiquity; etc. etc.
In Nov 1992, I wrote and presented a talk on BBC radio, "Names Never Hurt
You", which deals with the social and political aspects of name laws, with
particular emphasis on Sweden. If anyone would like a transcript, please
Date: Thu, 25 Apr 1996 04:09:05 -0700 (PDT)
From: Carl Wittnebert <firstname.lastname@example.org>
Subject: Computers and Social Unrest
A potentially earthshaking risk of using computers is currently being
discussed at the highest levels of the U. S. government. The risk involves
human skill obsolescence, a growing wage gap between skilled and unskilled
workers, and possible social unrest. The phenomenon may underlie the themes
of economic nationalism and protectionism that have surfaced during the
current Presidential campaign.
The *Wall Street Journal* devoted a front-page column to the topic on 22 Apr
1996. It quoted Federal Reserve Board Chairman Alan Greenspan as saying,
"Human skills are subject to obsolescence at a rate perhaps unprecedented in
American history." It went on to quote George David, chief executive officer
at United Technologies Corp., who believes that 18 million U.S. workers are
"at risk" because their jobs are "prone to automation."
Upheaval in the nature of work--in manufacturing in the 1980's, and now in
the service sector--has been discussed for some time, usually under the
assumption that additional jobs would be created to replace the ones lost to
machines. Increasingly, the question is arising as to just how much the new
jobs are going to pay.
Date: Tue, 23 Apr 1996 17:34:05 -0400 (EDT)
From: Edupage Editors <email@example.com>
Subject: When the Clock Strikes 2000 (Edupage, 23 Apr 1996)
The Gartner Group in Stamford, Connecticut, says the federal government will
spend about $30 billion to modify a massive number of computer programs in
which years were coded simply as two-digit numbers (without identifying the
century) and which will have to be fixed so that they can correctly calculate
things like benefits payments. It is also estimated that by the time the
year 2000 comes around only 70% of government computer programs will have
been modified to deal with the problem. (*Computerworld*, 22 Apr 1996 p1)
[See RISKS-17.82 for global estimates of something around half a trillion
dollars, also from the Gartner Group. PGN]
Date: Wed, 24 Apr 1996 09:33:51 -0700
From: pjscott@euclid.Jpl.Nasa.Gov (Peter Scott)
Subject: Re: MCI recommending bad security practices (McDaniel, RISKS-18.06)
> For some strange reason MCI is recommending you to do exactly the opposite
> of what good security practices would proscribe! Not only do they suggest
Now there's an example of a misspelling-type RISK [reversing the meaning!].
Peter Scott, NASA/JPL/Caltech Peter.J.Scott@jpl.nasa.gov
Date: Thu, 25 Apr 1996 10:06:56 -0700
From: Jeffrey.Johnson@Eng.Sun.COM (Jeff Johnson)
Subject: Society and the Future of Computing '96, 16-19 Jun 1996, Snowbird, UT
Society and the Future of Computing '96
June 16-20, 1996
Sponsor: USACM. Contact Rick Light, Los Alamos National Lab, MS B294,
Group CIC-7, Los Alamos, NM 87545, phone 505/667-0744, e-mail
firstname.lastname@example.org, Web: http://www.lanl.gov/SFC/96/sfcHome.html.
This conference provides a multidisciplinary forum to articulate novel
research directions that advance computer science in ways that are truly
beneficial to society. Participants will share, explore, and demonstrate
the responsible use of advanced scientific computing and National
Information Infrastructure (NII) Program technologies for the benefit of
The conference structure includes keynote speakers, panels of invited
speakers in which attendees and the panelists engage each other in open
discussions of the issues, interactive poster presentations, debates, and
workshops. The intent is to share ideas in a multidisciplinary environment
for mutual enrichment and learning, ultimately to affect the directions of
computer science research and applications for the benefit of all. The
conference Web site includes the preliminary conference agenda and will
continue to provide the latest information as the conference design unfolds.
Tom Landauer, U. of Colorado (Boulder): "Computers, Usefulness,
Usability, Productivity, and Happiness"
Laura Breeden, formerly of of US Commerce Dept. NTIA: "Whose
Voice is Heard? Listening to the Computer and Communications
Bill Wulf, University of Virginia: "Information Technology
is the Lever, But Where Shall We Stand?"
Creating the Future: Computer Industry Research Lab Heads
Rick Light, Moderator
Working in the Networked Economy: Issues
Gary Chapman, Moderator
Working in the Networked Economy: Opportunities
Phil Agre, Moderator
Contrasting Images of the Future
Allan Kuchinsky, Moderator
The European Information Society (live from Europe)
Terry Bynum, Moderator
If Anyone Can Publish, Who Will Edit?
Karen Coyle, Moderator
On the Internet, No One Knows You're a Dog
Brenda Allen, Moderator
Government On-Line: Report Card and Futures
Charles Brownstein, Moderator
Shneiderman: "The Durango Declaration Continued: Toward
a Snowbird Conference Statement"
Cisler, Uncapher, Press: "Implications of the Net for Industrialized
Countries, Developing Nations, and Indigenous Cultures"
Epstein: "Emerging Realities, Virtual and Otherwise"
Meyer: "Anthropology and Computer Technologies"
Date: Wed, 24 Apr 1996 14:25:09 -0400
From: CERT Advisory <email@example.com>
Subject: CERT (sm) Advisory CA-96.09, 24 Apr 1996, Vulnerability in rpc.statd
The CERT Coordination Center has received reports of a vulnerability in
rpc.statd (rpc.statd is also known as statd on some systems). As of the
date of this advisory, we have received no reports of this vulnerability
If exploited, this vulnerability can be used to remove any file that the
root user can remove or to create any file that the root user can
Section III and Appendix A contain information from vendors. Appendix B
contains an example of a possible workaround.
As we receive additional information relating to this advisory, we will
place it in
We encourage you to check our README files regularly for updates on
advisories that relate to your site.
rpc.statd, also called statd, is the NFS file-locking status monitor. It
interacts with rpc.lockd, also called lockd, to provide the crash and
recovery functions for file locking across NFS.
NFS is stateless, which means that NFS clients and servers can be
rebooted without a loss of file integrity due to NFS. In contrast, NFS
file locking is stateful. To achieve this stateful nature in a stateless
environment, rpc.lockd must work with rpc.statd to add state to file
To understand what rpc.statd does, it is first necessary to understand
what rpc.lockd does. rpc.lockd processes lock requests that are sent
either locally by the kernel or remotely by another lock daemon.
rpc.lockd forwards lock requests for remote NFS files to the NFS server's
lock daemon using Remote Procedure Calls (RPC).
rpc.lockd then requests monitoring service from the status monitor
daemon, rpc.statd, running on the NFS server. Monitoring services are
needed because file locks are maintained in the NFS server kernel. In
the event of a system crash or reboot, all NFS locks would normally be
lost. It is rpc.statd that adds stateful file locking.
When an NFS server reboots, rpc.statd causes the previously held locks
to be recovered by notifying the NFS client lock daemons to resubmit
previously granted lock requests. If a lock daemon fails to secure a
previously granted lock on the NFS server, it sends SIGLOST to the
process that originally requested the file lock.
The vulnerability in rpc.statd is its lack of validation of the
information it receives from what is presumed to be the remote rpc.lockd.
Because rpc.statd normally runs as root and because it does not validate
this information, rpc.statd can be made to remove or create any file that
the root user can remove or create on the NFS server.
Any file that root could remove can be removed by rpc.statd. Any file
that root could create can be created by rpc.statd, albeit with mode 200.
The general solution to this problem is to replace the rpc.statd daemon
with one that validates the information sent to it by the remote
rpc.lockd. We recommend that you install a patch from your vendor if
possible. If a patch is not available for your system, we recommend
contacting your vendor and requesting that a patch be developed as soon
as possible. In the meantime, consider whether the information in
Appendix B is applicable to your site.
Below is a summary list of the vendors who have reported to us as of the
date of this advisory.
Patch information and other details are in Appendix A of this advisory
and reproduced in the CA-96.09.README file. We will update the README
file as we receive more information.
If your vendor's name is not on this list, please contact the vendor
Apple Computer, Inc. vulnerable - A/UX version 3.1.1 and
earlier; AIX 4.1.4 for the Apple
Berkeley Software Design, Inc. not vulnerable - BSD/OS
Cray Research, Inc. vulnerable - Unicos version 9.0 and
Data General Corporation vulnerable - DG/UX R4.11
Digital Equipment Corporation vulnerable - UNIX (OSF/1) V3.0 through
V3.2d; ULTRIX V4.3 through V4.5
Harris Computer Systems Corp. vulnerable - all versions of NightHawk
CX/UX and PowerUX
not vulnerable - all versions of
NightHawk CX/SX and CyberGuard CX/SX
Hewlett-Packard Company vulnerable - 9.X and 10.X
IBM Corporation vulnerable - AIX 3.2 and 4.1
NEC Corporation some systems vulnerable
NeXT Software, Inc. vulnerable - versions before 4.0;
will be fixed in 4.0
The Santa Cruz Operation, Inc. not vulnerable - SCO UnixWare 2.x.;
SCO OpenServer 3.0, 5; SCO Open Desktop
2.x, 3.x; SCO NFS 1.x.x.
Silicon Graphics, Inc. vulnerable - all versions of IRIX except
not vulnerable - IRIX 6.2
Sony Corporation vulnerable - NEWS-OS 4.2.1, 6.0.3, 6.1,
Sun Microsystems, Inc. believed to be vulnerable - SunOS 4.x
and Solaris 2.x
The CERT Coordination Center thanks Andrew Gross of the San Diego
Supercomputer Center for reporting this problem and Wolfgang Ley of DFN-CERT
for his support in responding to this problem.
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (FIRST).
We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact the
CERT staff for more information.
Location of CERT PGP key
CERT Contact Information
Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.
Fax +1 412-268-6989
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890 USA
CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
CERT advisories and bulletins are also posted on the USENET newsgroup
To be added to our mailing list for CERT advisories and bulletins, send your
email address to
Copyright 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission provided it
is used for noncommercial purposes and the copyright statement is included.
CERT is a service mark of Carnegie Mellon University.
[Appendices removed for RISKS.]
Date: 18 March 1996 (LAST-MODIFIED)
Subject: ABRIDGED info on RISKS (comp.risks)
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
DIRECT REQUESTS to <firstname.lastname@example.org> (majordomo) with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
INFO [for unabridged version of RISKS information]
CONTRIBUTIONS: to email@example.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats
on distribution. Diversity is welcome, but not personal attacks. [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Particularly relevant contributions may be adapted for the RISKS sections
of issues of ACM SIGSOFT Software Engineering Notes or SIGSAC Review.
* Submissions: By submitting an item that is accepted for publication
in RISKS, the author grants permission for unlimited public distribution
and redistribution in electronic or other form.
* Reuse: Blanket permission is hereby granted for reuse of all materials
in RISKS, under the following conditions. All redistributed items must
include the Risks-Forum masthead line. All reuse must be accompanied by
the following statement:
Reused without explicit authorization under blanket permission
granted for all Risks-Forum Digest materials. The author(s), the
RISKS moderator, and the ACM have no connection with this reuse.
As a courtesy, reusers of individual items (as opposed to forwardings of
entire issues) should notify the authors, and should pay particular
attention to any subsequent corrections.
RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
The ftp.sri.com site risks directory also contains the most recent
PostScript copy of PGN's comprehensive historical summary of one liners:
PRIVACY: For info on the PRIVACY Forum Digest and Computer PRIVACY Digest,
see the unabridged INFO file at RISKS-Request (send one-line message INFO
to risks-request@CSL.sri.com as noted above).
End of RISKS-FORUM Digest 18.07