----MESSAGE-BEGIN---- <1987110114254000> From: Nick Papadakis <@eddie.mit.edu:nick@MC.LCS.MIT.EDU> 2-Nov-1987 22:05:40 To: security@RUTGERS.EDU Subj: [8294] Why secure systems? In the interest of beginning a flame war (things have been too quiet lately ...), I offer the following text, which was written by Richard Stallman in 1983. If I ignore for the moment RMS's interpersonal skills and concentrate on *what he is saying* rather than how he goes about persuading people of its truth (which has alienated a good many folks), I have to admit that it sounds to me as if he is on the right track. What do you think? - nick --- file is oz.ai.mit.edu:whyhack.text.10 --- Recently the teen-age computer "hacker", the security cracker, has become a topic of national concern. But the many articles on the subject have condemned the cracker without showing the galling aspects of the way of life he is rebelling against and without questioning its ethical foundation. There is no hint that the confused cracker of today may be resisting, albeit ineffectually, a serious social problem of tomorrow. If you look at the social organization of the users on a typical timeshared computer of today and compare it with other social groups, it most resembles the Soviet Union. It is pervaded by suspicion, ruled arbitrarily by a small oligarchy, and hostile toward outsiders. This arouses resentment, which inspires the security crackers. But the authoritarian social organization itself is a worse problem than the crackers are. Most computer users see no alternative. I am fortunate in having experienced one. At the MIT laboratory where I have worked as a researcher for ten years, our old computer system treated users as free equals with a responsibility to cooperate, and guests were welcome. Our hospitality guided clever young people to become responsible engineers rather than crackers. On the typical computer system, the activities of the ordinary users are regulated very narrowly and precisely by the elite, who are bound by no principle of fairness or due process and allow no appeal. Which files you can read, which files you can write, how many files you can have, what programs you can run, how long you can use them, and when you can log in are under their control. They can bump you off the computer at any time. They can watch what you type as you use the computer; you cannot watch them. They can make it very easy for you to do your job, if they like you, or if you curry favor. Or they can obstruct you at every turn, making your life miserable. You have no recourse. They can use the commands that change a user's restrictions, and you cannot, because your restrictions don't permit it. The users are suspicious of each other, and use "file protection" to deny each other access to files. Often this means you cannot make progress in your work because you need to fix a program you cannot get at. People with high morale become discouraged and cynical because of this. The authorities are immune to file protection, however, and can easily erase your file if they do not like what it says. People outside the organization are viewed with hostility and suspicion. They are presumed to lack only an opportunity to delete or scramble all the files on the computer. If the computer is idle, at night for example, its computing power goes to waste rather than allow an outsider to use it for a constructive purpose (such as learning to program). Now imagine that one of the people outside the organization, the recipient of all this suspicion and hostility, is a hacker: a person who is curious, playful and enjoys clever humor. (When computer researchers at MIT in the 1960's first began calling themselves "hackers", this is what they meant. I am proud to call myself a hacker, and I call security-breakers "crackers" to emphasize the distinction.) A hacker, finding a mysterious and complicated computer system, wants to understand it. He would like to explore the computer system, to learn how to use it, or to learn how it works. He knows in advance what reception he will get if he simply asks to use the computer when there is spare time. And he senses intuitively that computer system authorities in general are amoral and do not deserve respect. Naturally, he tries to sneak in and use the computer anyway. He becomes a cracker. If successful, he gets to explore and learn, and can be proud of his cleverness as well. Beefed-up security measures only make the battle of wits more challenging and absorbing. But if he is only a teen-ager, he is probably not used to the kind of thinking that would enable him to question the social system he is part of. (The teen-agers who are politically aware are usually not the computer enthusiasts.) He knows only that he has something to resent. So he does not make a serious attempt to change the system. The best he can manage is instinctive, furtive disobedience. This is why the young cracker seems so usure of the rightness of his actions, and occasionally may do minor damage, almost without noticing. He has not asked the question of how he ought to behave, or how the computer owners ought to behave. This is also why it is so easy to win a cracker over to the security-enforcing establishment with personal inducements. Joining the authorities will end his direct personal difficulties and recognize his cleverness, even better than successfully evading them. Without an ethical awareness, he does not see that he solves his own problem only by contributing to similar problems for others. The software on most computer systems is designed to support the ruling class just as surely as the KGB is. The software written and used by the hackers at MIT was designed to make users free and equal. Our system had no restrictions that could be imposed on selected users; all users were treated alike. Thus nobody could seize power by restricting everyone else. We did not care whether a change to the files was authorized; we cared whether it was an improvement. This can only be decided by human beings, on a case-by-case basis. So, rather than having file protection to control changes, we called for discussion of any planned change. And if a stranger came to the lab and wanted to play with the computer when it was not fully needed by us--we let him! Chances are he would appreciate some of the value of our work, learn from it, and spread the knowledge to others. At best, he would become enthusiastic for our software and our attitudes, join our lab, and contribute to our work. People hearing about our lab usually took it for granted that our system would be destroyed by vandals. Actually, vandalism was very rare, and the damage done by vandals was small compared with the damage caused by the inevitable computer malfunctions and our own mistakes. Simple measures analogous to the glass window on a fire alarm discouraged dangerous activities, deliberate or accidental, without actually forbidding anything. Ultimately it was rising commercialism that destroyed the lab and caused our old computer system to be junked. The technology of computer security is not suited to any middle ground between the extremes. Unless security is iron-fisted and dominates the lives of the users, it is easy to circumvent, and useless. We should put military secrets, bank records and the like on computers with strict security. For other activities, we should have computers that are free of security, and free of its burdens. Then we need not attack the symptom of morally confused crackers with jail threats, security technology, or hiring them as security enforcers to breed more resentment and new crackers. We can invite them to use computers openly on terms of mutual respect, and they will repay our friendship tenfold. Their cleverness and curiosity are just what make for a creative engineer. So far the issue of security versus freedom on computer systems affects mainly computer hackers. But, in the future, computer systems will play a bigger and bigger role in everyone's life. And these systems will be built on today's entrenched authoritarian tradition, unless we stop it. The crackers are a warning sign of a problem that every American is going to face--soon. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110115331200> From: "Rex Wheeler (Tiger)" <90720579%WSUVM1.BITNET@wiscvm.wisc.edu> 2-Nov-1987 23:13:12 To: SECURITY@RED.RUTGERS.EDU Subj: [382] Re: pc lab One thing you could do to prevent software from leaving is have PCs with ONLY hard drives (no floppys) You would probably want to have one external floppy drive that you could use to get stuff on and off the hard disks. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110203022300> From: Knock Knock 3-Nov-1987 10:42:23 To: security@marist Subj: [1288] PC Lab Security > Have one PC inn your lab designated as a file server. Student > must bring their own floppies and copy any needed software > off the (read-only) hard disk of the file server onto THIER OWN DISKS. Doesn't this present some legal problems due to the copyright laws? I didn't think it was legal to allow/require people to copy software. Doesn't this also present some technical problems due to copy protections? At BC, I believe we presently use a Check-Point security system. This system is easy to fool if you know a trick or two, but has served as a GOOD deterrent. In addition, each student borrowing software or manuals is required to leave his/her BC ID at the front desk. The front desk then records, on our main computer system, what was borrowed. If the student fails to return the borrowed items, the front desk has thier ID, and the main computer can help locate the student and/or bill them if the administration feels that it's appropriate. Both these systems are openly visible which helps to deter users from attempting thefts. Niether of these systems are perfect, we still lose things, but I think it's the most practical i've seen thus far. Dave R ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110211300200> From: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez) 3-Nov-1987 19:10:02 To: seismo!misc-security@seismo.css.gov Subj: [384] night scope I am once again asking about this stupid machine. Where can I buy either a used or surplus nightscope/ or if available and totally independent infrared sniperscope. And yes I do know they are mucho $$$ pls respond dgidez@netxcom.UUCP ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110211595800> From: yetti!utzoo!henry@uunet.uu.net (Henry Spencer) 3-Nov-1987 19:39:58 To: misc-security@uunet.uu.net Subj: [857] re: Master keys > There is a very simple reason why master keys tend to have less metal on > them than the non-master keys. It's easier to make them that way. Well, there is also a reason to do things the other way: if the master has less metal on it everywhere than a non-master, then one can file a non-master down to make a master. The only time I ever took a close look at the shapes of keys (in a scheme that used multiple levels rather than distinct keys plus a master), the less powerful keys had less metal on them, so the file trick wouldn't work. (Rats! :-)) -- PS/2: Yesterday's hardware today. | Henry Spencer @ U of Toronto Zoology OS/2: Yesterday's software tomorrow. | {allegra,ihnp4,decvax,utai}!utzoo!henry ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110217305200> From: *Hobbit* 4-Nov-1987 01:10:52 To: security@RED.RUTGERS.EDU Subj: [1864] hotel deadbolt hacks There are two ways to go about this. The first method uses two little sprung pins mounted at about 10:00 and 2:00 in the back of the cylinder, just past the last pin. If the key is turned to 4:00 or 8:00, the open bottom of the keyway exposes the end of one of these pins, and it jumps out into the bottom of the keyway, preventing further rotation. The pin is mounted at such an angle that the plug can "retreat" from this wedged position, but not continue past it. A key cut such that there is enough metal protruding past the last pin will keep these pins up inside their holes, allowing full rotation. The second method uses the last pin as a sort of switch. At the last pin position the cylinder is machined out large enough to acommodate a ring, which surrounds the rear end of the plug. This ring has a hole through it for the last pin and a stub sticking off the back near the bottom. It is also of a known thickness. Raising the rear pin to the normal plug shear line will allow the plug to turn, but the ring remains stationary [held by the driver]. At about 4:00 or 8:00, the tailpiece hits the ring's stub and can't rotate any more. The master key raises the last pin to the next level, such that the ring now turns with the plug, and doesn't impede the tailpiece. In either case, full rotation is required to shoot the deadbolt, but only a quarter turn or so pulls the spring latch. Thus a guest key can't shoot the deadbolt but the specially cut masters can. If you're worried about people getting into your hotel room, carry your own keyed cylinders with you and swap them when you arrive. Probably against fire regs, but it works. When was the last time you found yourself inside a burning hotel? _H* ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110219280400> From: tektronix!reed!percival!jamesd@cad.Berkeley.EDU (James Deibele) 4-Nov-1987 03:08:04 To: reed!tektronix.UUCP!ucbcad!red.rutgers.edu!security Subj: [1265] Re: forwarded mail Sorry for the lack of clarity. Tests in stores showed that there was a shortage rate of 30% in stores that weren't protected by the Knogo systems. That figure includes employee theft, shoplifting, miscounts of shipments (the clerk counted 13 when there were only 12), and so forth. The major components of the shortage figure are the first two. It's very easy to put a piece of software in a bag and walk out with it. Dalton's uses 6-foot shelves, which the clerks can't see over (legacy of the bookstores, where an individual item isn't worth all that much---software, however, goes $300, $400, even $700). The impulse shoplifter --- "I want Gunship, but I don't want to pay $35" --- is deterred by the increased risk of apprehension (supposedly), and they make up the most part of Dalton's shoplifting problem. Kids after school killing time in the mall, etc. won't take the chance if they think there's a high risk of getting caught. Sort of similar to radar --- people think it works better than it actually does. Fortunately, there are less thieves than speeders. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110301110500> From: padwa%harvsc3@harvard.harvard.edu (Danny Padwa) 4-Nov-1987 08:51:05 To: "security@red.rutgers.edu"%hucsc@harvard.harvard.edu Subj: [1482] Microcomputer Software Security At Harvard, several of our classes require the use of micros, and we handle software for them as follows: When students wish to use the microcomputer software, they come into the User Services office (right by the micro room). Although US people (such as myself) are primarily responsible for mainframe questions, they also loan out the software. The first time a student comes in to borrow software, they sign a waiver, effectively promising not to steal, copy, or eat our disks. Then, they cam take out software whenever they want (the question-answering people are there 8AM-midnight weekdays, and almost that on weekends), just by presenting their IDs (held only for "important" software----I didn't make up this policy!!!) and signing the software out in our log...pretty straightforward. The only real problem we've had with this is that the User Services people get bogged down dealing with the micro software and cannot devote enough attention to the big machines (they also have to run backups). But all in all it is a pretty good system, and can work extremely well if you have a work-study student (or the like) handling the library (most students will love a job where they can do a significant amount of homework while working!! Good Luck!!! Danny Padwa Harvard University ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110310091800> From: IWAMOTO%NGSTL1%eg.ti.com@relay.cs.net 4-Nov-1987 17:49:18 To: security@RUTGERS.EDU Subj: [1422] RE: the KEY Discussions Interesting things coming thru on all this KEY stuff. I've got a couple of questions which deal with the mechanics of a couple of keying systems. Wish I could remember the names of the manufacturers, but I'll just have to plead brain death. The two key systems worked (I believe) in completely different ways (or at least, the mechanisms were very different). One had no slots, per se. Instead, it essentially looked like a blank with a number of dimples of differing sizes drilled on both sides of the blank. The second system was supposed to have been THE keying system of that time (this is all from my college days, about 11 years ago). This system had keys which had the cuts not only at the normal angles of +/- 15 (?) degrees but also had the cuts themselves offset at (I believe) +/- 5 degree angles. In other words, instead of just making the cuts at an angle perpendicular to the key, the cuts were offset at angles of 0, +5 and -5 from the perpendicular. I know I'll recognise the name of the keying system as soon as someone mentions it, but right now, I'm completely brain dead. Anyway, the question is...How do each of the above keying systems work? Warren M. Iwamoto Artificial Intelligence Laboratory Texas Instruments, Inc. Dallas, TX. iwamoto%ngstl1@eg.ti.com ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110322483900> From: mark@ems.mn.org (Mark H. Colburn) 5-Nov-1987 06:28:39 To: misc-security@RUTGERS.EDU Subj: [1037] Re: DES is NOT legally required I was discussing encryption with some of the CYBER gods who work at Control Data Corporation here in Minneapolis. Apparently, when they initially started shipping their latest release of NOS, they were going to use this hot new encryption algorithm which somebody at CDC came up with. However, when they decided that they were going to ship the software out of the country, they found that the NSA (I believe, it has been awhile), was requiring that they provide the algorithm for deciphering an encrypted message. Apparently there was no limit on how complex the solution was as long as it was gaurenteable that the algorithm did work. Eventually they gave up on the new encryption method, since they could not come up with an algorithm which would work. -- Mark H. Colburn DOMAIN: mark@ems.MN.ORG EMS/McGraw-Hill UUCP: ihnp4!meccts!ems!mark AT&T: (612) 829-8200 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110418391800> From: Larry Hunter 6-Nov-1987 02:19:18 To: security@red.rutgers.edu Subj: [1546] Bumper Beepers. Some interesting tidbits for tracking automobiles: Bumper beepers are great, but get some practice before you depend on one. Signals reflected off buildings, obscured by underground garages, rapidly accellerating as they get on the freeway, etc. are all confusing. Following a vehicle without being detected takes practice. The beeper just makes it possible to do with one tail car instead of two or three. With an aircraft, one of these guys can identify the location of a vehicle within 25 or 50 miles. Have fun! Places to buy: Wynn Engineering / 4327 Aspenglen Dr. / Houston TX 77084 sells a bumper beeper set that "When installed on your car, you can track the distance and direction of the car from up to 2 miles away. Beeper and special receiver (Model BB 1101) $600 for the set." Law Enforcement Associates / 88 Holmes St./ Belleville NJ 07109 sells a better system (made by TRACER) called the 1012 Vehicle Follower System. It's better because the beeper beeps instead of emitting a continuous tone (saves on batteries!) and it gives a more specific readout of the direction of the target. Expect to pay over $1000. Write for a current catalog. And by the way, US Citizens have no reasonable expectation of privacy regarding movements tracked in public, said the Supreme Court in 1983: US v. Knotts, 103 S. Ct. 1081 (1983). Larry ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110508494100> From: marks@Sun.COM (Mark Stein) 6-Nov-1987 16:29:41 To: security@red.rutgers.edu Subj: [611] re: master keys > Talking about master keys and such, has anyone seen a type of > key that has no teeth and it is just a straight piece of metal? > I think they had "safety" stamped on them but I am not sure. > When I was a little kid I had a couple but never found out what > they were for. I remember seeing one of these a long time ago. As I recall, they were provided with bathroom (indoor) locksets. They were intended to go through the hole on the outside knob to unlock the door. --Mark Stein ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110615400600> From: *Hobbit* 7-Nov-1987 23:20:06 To: security@RED.RUTGERS.EDU Subj: [503] kappy kludges fern frob If you leave the coil of a relay across the line all the time, it probably will never hang up properly. If the DC resistance happens to be high enough to allow on-hook [good luck] you'll still create a leak path and lose big when it rings. If you want to sense line voltage quietly, use something involving a 40v zener, a FET, and an optoisolator or something... _H* ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110621311200> From: webber@brandx.rutgers.edu (Webber) 8-Nov-1987 05:11:12 To: misc-security@RUTGERS.EDU Subj: [1244] paranoia is not the issue > You _can_ freeze the system and audit it from the outside. On my > system I would build an audit program on a bootable floppy and > keep it in a safe place. I'm not that paranoid - I believe that > I'm not a sufficiently desirable target to expect really sophisticated > viral attacks. It is not really an issue of being a specific target. Recent trojan horse problems reported on the micro boards seem to be traceable back to code put on disks by software vendors as an effort at copy protection. The subsequent victims being merely people who traded disks with people who traded disks with people who traded disks with people who maybe pirated software. Ultimately, a well-written destructive virus is much like a bomb in the marketplace -- lots of bystanders who weren't aware they were part of a quarrel. And considering the other bugs in vendor's software, it is not all that unreasonable to expect that occasionally their copyprotect stuff will misfire -- sort of puts a new light on all those disclaimers, don't it? ------ BOB (webber@aramis.rutgers.edu ; rutgers!aramis.rutgers.edu!webber) ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110623023600> From: hpscda!hpscdl!hplabs!well!rab@seismo.css.gov (Bob Bickford) 8-Nov-1987 06:42:36 To: security Subj: [555] Re: master keys Jose Rodriguez writes: + Talking about master keys and such, has anyone seen a type of + key that has no teeth and it is just a straight piece of metal? They're magnetic, assuming we're talking about the same thing. The matching lock has an inverse set of magnets and will open when you hold the key next to it (or inside it, on some). -- Robert Bickford {hplabs, ucbvax, lll-lcc, ptsfa}!well!rab ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110709293800> From: Jeff Rothenberg 8-Nov-1987 17:09:38 To: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez) Subj: [408] Re: night scope I gather you do not know about Edmund Scientific. They are a catalog house with all sorts of stuff like this (plus lots more). They are: Edmund Scientific Co. 101 E. Gloucester Pike Barrington, NJ 08007 1-609-573-6250 1-609-547-3488 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110722173000> From: *Hobbit* 9-Nov-1987 05:57:30 To: security@RED.RUTGERS.EDU Subj: [581] Internal setscrews The from-the-inside setscrews that Best is infamous for aren't a guarantee against tampering. A certain proportion of the locks in a large campus system will "default" to the control shear line during picking. A determined individual *will* eventually manage to obtain one; there's not a lot you can do about it short of posting guards at all the doors. Does Medeco or Abloy have any such mechanism? *That* would make things pretty difficult... _H* ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110801161200> From: TS5864%OHSTVMB.BITNET@jade.berkeley.edu (Thomas Lapp) 9-Nov-1987 08:56:12 To: SECURITY@red.rutgers.edu (Security Digest) Subj: [1265] RE: LoJack Homing device I recall seeing a television segment on LoJack (20/20?). In the segment they indicated that, yes, it wasn't cheap, and yes, it worked for several dozen miles. However, it *does* require that the police install the activation transmitter on a high point, and requires fitting the cruisers with LoJack receivers. The cost of this is prohibitive except for areas of high auto theft. At the airing of the segment on TV (several months ago), LoJack was only in use in the Boston,MA area. Several other cities were looking into it, but had not made any discision to go ahead. So unless you live in the Boston area, you are out of luck when it comes to LoJack. -tom ======================================================================= Thomas Lapp | "Never Sniff a Gift | Fish" BITNET: TS5864@OHSTVMB.BITNET | ARPA: TS5864%OHSTVMB.BITNET@wiscvm.wisc.edu | INTERNET: LAPPT@ee-eagle.ohio-state.edu | ======================================================================= ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110807323800> From: gwyn@brl-smoke.arpa (Doug Gwyn ) 9-Nov-1987 15:12:38 To: misc-security@uunet.uu.net Subj: [696] Re: untoothed keys Jose Rodriguez writes: >Talking about master keys and such, has anyone seen a type of >key that has no teeth and it is just a straight piece of metal? There are several keys that could fit such a description. Were there ANY external encodings at all, such as wiggly grooves (Bell lock) or dimples (Sargent KESO)? If not, this may have been a magnetic key. There were some cheap padlocks that one opened by placing a flat key against the side; embedded magnets reacted on magnets inside the lock to align gates. That lock yielded easily to physical force, however. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110813591300> From: Bill Sommerfeld 9-Nov-1987 21:39:13 To: *Hobbit* Subj: [402] Re: hotel deadbolt hacks > Probably against fire regs, but it works. I don't see why; all that matters is that you be able to get OUT, not that others be able to get in.. besides, fire fighters have a reputation for using an axe when a doorknob would do. - Bill ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110816040200> From: Mike Linnig 9-Nov-1987 23:44:02 To: security@RUTGERS.EDU Subj: [819] master key security Doug Gwyn's comments about some locks being somewhat difficult to remove unless you have the control key brings the following to mind... What will the administration do if they find such a lock has been removed by brute force (ie. saber sawing it out of the door)? Surely this implies that the whole master keying system is compromised. Ideally, they would rekey all the locks. In practice I assume that they would shrug their shoulders and hope no one starts using master keys. It must be very expensive to rekey all the locks on a campus. Mike Linnig ps. I too do not advocate property damage, but it is amazing how vunerable these systems are to thoughtful attack. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110904415600> From: warren hik 10-Nov-1987 12:21:56 To: SECURITY@RED.RUTGERS.EDU Subj: [2569] RE: PC Lab Security >> Have one PC in your lab designated as a file server. Student >> must bring their own floppies and copy any needed software >> off the (read-only) hard disk of the file server onto THIER OWN DISKS. >Doesn't this present some legal problems due to the copyright laws? >Doesn't this also present some technical problems due to copy protections? It is legal, and widely accepted on the following terms. a) the software is licensed for a certain site. b) the copy of the original software (by the student) is only used at the licensed site. c) the copied software is for the exclusive use of the student. d) the student must sign a contract stating that they will not let anyone else use the software, nor will it be run (used) OUTSIDE of the licensed lab environment. The software must also be deleted at the end of the required course period. Breaking any of which, is punishable by fine (equal to that which may be charged the license site for breaking copywrite) or EXPULSION. >At BC, I believe we presently use a Check-Point security system. This system >is easy to fool if you know a trick or two, but has served as a GOOD deterrent This is a "Good Deterrent": By using the already existing copyright laws, and those of the institution regarding expulsion (one would want to believe that they were created for some purpose). An example of using the LAW as the deterrent over spending many more dollars for electronic security devices, clerks and security officers, and computer administration and accounting is: Stop signs. That's right, why do we stop at a stop sign if it is 2:00 a.m. and there are no other cars in sight?? Because it is the law. If you go through and are caught (big IF here!) you face a $53 fine, some demerit points, and surly when your insurance company finds out about this, you could face a rude awakening in premium prices (don't take my word for it, contact your local newspaper and find out the number of people in your city that complain about being shafted by insurance companies (particularily car insurance)). Anyway to make a long story short, if the system can be fooled by those who really want to, use existing laws to deter people, not expensive machinery and people who could be used more effectively helping others with problems or doing research of their own, instead of being glorified secretaries. Sorry for rambling. -Warren. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110904420000> From: "Michael A. Shiels" 10-Nov-1987 12:22:00 To: misc-security%math.waterloo.edu@relay.cs.net Subj: [631] Re: Securing Floppy's There is another solution to the software stealing problem. Install a protection ROM into the motherboard and then each one of the .EXEs or .COMs is run through an encryptor and will require the ROM to work properly. It seems to work great on campus here. Look in comp.newprod for an announcement of MaS-DProtect and MaS-RProtecty -- Michael A. Shiels (MaS Network Software) mshiels@orchid.waterloo.EDU UUCP: ...path...!watmath!orchid!mshiels ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110920032500> From: *Hobbit* 11-Nov-1987 03:43:25 To: security@red.rutgers.edu Subj: [19078] Yet more about SS numbers Hopefully this is the last of it... _H* -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Subject: Another no SSN reason Date: Fri, 02 Oct 87 22:38:30 -0400 From: new@udel.edu Nark Mason writes about Social Security Numbers: >I still haven't seen anyone give a good reason *why* to keep it [your >SSN] secure. ... What horrible ded can be done with it that makes it not >worth giving it out and the hassle that might follow? Well, here's a story that happened to a good friend of mine that I wouldn't want to worry about. She sent in her tax returns, and got a letter saying she still owed $6000 for the money that she inherited, plus fines and interrest and a possible jail sentence. It turns out that someone, somewhere had inherited money and made up an SSN at random to avoid the taxes. After about six months of "hassle" (to say the least) she finally convinced the IRS that she did not inherit anything. She was able to do this only because the name did not match the SSN, and the address was in New York instead of her actual address near Phila. Now, I have been fighting institutions that use my SSN as a key primarily because most of these insist on printing it on the mailing label along with my name and address. They claim this is so that when mail comes back (mail that most people would consider "junk mail" anyway), they can remove the name easily from the mailing list. Can you imagine the "hassles" I could have if the clerk at the institution plans ahead for a successful trip to Atlantic City or Vegas, taking a few names, addresses, and SSNs along? How about the postal clerks that get to read my SSNs? My main complaint is not with the institution that uses my SSN as a key, but rather the uses other than as a key to which it is put. Incidently, does anyone use a database package that can handle sufficient volume that names cause too many clashes, yet that does not have a mechanism for generating unique keys? Why must I supply my own key? Not only am I reduced to a "mere number," but I must reduce MYSELF to a number. Regarding Government agencies requirements, what about Federally funded institutions? Can universities that are federally assisted demand my SSN? - Darren New University of Delaware new@dewey.udel.edu -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: Mon, 5 Oct 87 09:33:45 cdt From: Jonathan Harris Subject: SSN's why get so upset about it. After all this talk of people not giving out social security numbers to utilities and such, I have yet to hear anyone explain what is the harm in giving it out and why it is worth all of this fuss. True, the social security number is really meant for social security and tax administration, but what harm can someone do if he finds your SSN. Apparently nothing; that is unless you are a deadbeat intending to skip down and refuse to pay your phone/electric bill. -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: Mon, 5 Oct 87 21:51:27 EDT From: Douglas Humphrey Subject: Re: ssn's >So the real question is this: > How many databases list my MIT 888 number as my SSN I would hope that most peoples data bases have some sort of validity check on SSNs, since you can call the SSA and get a definition of the SSN from them, and it does mention at least some of the field values that are 'not right'. I saw a spec for this stuff about 5 years ago perhaps in a Government RFP or something. Maybe a call to the SSA would answer this? -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: Tue, 06 Oct 87 08:53:04 EDT From: "A. Harry Williams" Subject: Re: Digest of SSN responses I find the response to both SSN and phone numbers as "If you don't have anything to hide, why not give it out". That is the same argument as if the defendant doesn't take the stand in a criminal trial, he must be guilty. Also, I'm not sure that US SSN have a checksum. My sisters and I have consecutive SSNs. -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: Tue, 6 Oct 87 12:20:01 EDT From: Larry Hunter Subject: Re: Why Protect SSNs? Well, the practical reasons to associate your SSN with as few records about you as possible have to do with the fact that large, powerful entities (like the IRS and large consumer products companies) use techniques like block modelling and record matching to exert unpleasant power over individuals. For example, the IRS uses social security numbers to look up credit ratings and self-described income data associated with consumer purchases (those little warrantee registration cards...) to audit people it thinks may be under-reporting income. Big credit and insurance concerns use SSNs to find records that can penalize you by denying you credit or insurance on the basis of information that you rarely see and never know how they get. Other uses include targeting the marketing consumer products and matching government records against each other or commercial records. Those large tax, law enforcement and marketing data analyses are more difficult to do on someone who witholds SSN. Unfortunately, the cause of most of the trouble is invisible to the people who get screwed. Nobody says "we decided to audit you (investigate you, use this ad on you) because of information we could analyse based on your SSN." It is quite difficult to track down the explicit uses of SSNs within specific organizations; they are not interested in baring their data analysis techniques to outsiders at all. So for illustrative purposes, let me show how with your social security number and a little motivation someone can learn all of the intimate details of your life, ruin your credit rating and get warrants issued for your arrest: Your enemy gets your social security number. He goes to the local department of motor vehicles and get a driver's license in your name by telling them he lost it and giving them your SSN. Knowing your driver's license number (SSN in many states) is usually sufficient ID for getting a replacement license. He takes the driver's license to the social security office, tells them the appropriate SSN and asks for "his" payment record. They tell him your employer, your income, any interest bearing bank accounts you have and any securities you have bought or sold in the last 3 years and some odd months. He can find out the medical insurance company used by your employer and get your medical records from them in a similar way. He can also use the employment information along with your SSN to get credit cards in your name (credit card grantors use SSNs to access your credit records, and want little information on you other than SSN, employer and bank accounts). After buying a fast new car on your credit, he gets a lot of speeding tickets on your license. The criminal warrants that show up when he doesn't pay the tickets are attached to your social security number. If he really wants to get you in trouble, he gets busted for drunk driving or hit and run on your license, makes bail and throws the license away. You now have a mountain of bad debt and a felony arrest warrant, not to mention an enemy who knows every penny you have, what your credit record is like and all of your medical history. He got it all by just knowing your SSN. Paranoid? Sure. I don't think this sort of thing happens very often, but it provides an idea of the power in those 9 digits. I personally believe that the institutional (mis)use of SSNs is by far a worse problem than the kind of criminal behavior I just described, but I find the latter is more persuasive to people who are cavalier about having "nothing to hide". Try reading David Burnham's "The Rise of the Computer State" or his upcoming book on the IRS, or Robert Ellis Smith's "Privacy: How to Protect What's Left of It" for more detailed discussions. Larry Hunter -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: 6 OCT 1987 22:51:13 EDT From: "Bryan, Jerry" Subject: Digest of SSN responses The Privacy Act of 1974 does *not* mention universities by name. I quote as follows: "Sec. 7.(a)(1) It shall be unlawful for any Federal, State or local agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number." That all sounds well and good, except for the following little "gottcha's". 1 -- The original Privacy Act included the following exception: "(2) the provisions of paragraph (1) of this subsection shall not apply with respect to (A) and disclosure which is required by Federal statute" Note that "disclosures which are required by Federal statute" are legion. For example, open a bank account, register for the draft, etc. 2 -- the privacy act is grandfathered, so that anybody doing it before January 1, 1975 can keep doing it 3 -- Congress has passed many, many exemptions and exceptions to the original Privacy Act, the worst of which is specifically authorizing states to use SSN's for driver's licenses and vehicle registration (Tax Reform Act of 1979). 4 -- The clause in the original law making it apply to "any right, benefit, or privilege provided by law" is a pretty stiff test, according to lawyers who handled a SSN refusal case for me. It is pretty hard to convince a judge that attendance at a university is a "right, benefit, or privilege provided by law". And even if you did, the laws establishing universities in most states are ones which have been exempted from the Privacy Act by subsequent legislation (the Tax Reform Act of 1979). 5 -- The original Privacy Act contained no penalty for violation. Again, according to my lawyers, a law with no penalty is essentially unenforcable. What is needed is something like a $1000 fine for every violation. Can you imagine how quickly a university would straighten up if it had to pay $1000 for every student for which it used an SSN as a student ID? As an example of how tangled these webs can become, both the folks giving ACT tests and SAT tests key the results off of SSN's, and these are private organizations utterly uncovered by any privacy legislation. Most (all?) universities that receive ACT and/or SAT scores match them up with their students via SSN's. Thus, universities have a valid, practically mandatory reason for having the SSN for all students on file, even if they do not use SSN for student ID. Furthermore, if the university is involved at all in the disbursement of federal money to students (various student loans, etc.), the feds will *require* SSN's for all the students involved. What's the poor university to do? Finally, grant applications to such agencies as National Institute of Health and National Science Foundation require the SSN's of all professors and students who will use the money? Again, what is the university to do? It really is too late, folks. Big Brother is already here, alive and well. And even Mr. Reagan with all his "get the government off the back of the people" rhetoric has greatly expanded Big Brother, provided only that it is in support of his declared social goals -- catching welfare cheats and such. The ends do justify the means, you know, as long as it is your own ends you are after. -*-*-*-*-*-*-*-*-*-*-*-*-*-*- From: mtune!mtgzy!norm@RUTGERS.EDU (n.e.andrews) Subject: Re: ssn's Date: 7 Oct 87 15:29:29 GMT > Why bother? What horrible deed can be done with it that makes it worth > not giving it out and the hassle that might follow? False income tax returns could be filed against someone's social security number. I suspect the consequences of that could qualify as a hassle... There must be other bad things that could be done using people's social security numbers, all of which could cause the real owner a lot of unnecessary trouble. I never did like the idea of tying the unlimited power of the State so intimately to everyone's personal business... -Norm Andrews, speaking for himself -*-*-*-*-*-*-*-*-*-*-*-*-*-*- From: matt@oddjob.uchicago.edu (Godfather to putty-tats) Subject: Re: ssn's Date: 9 Oct 87 21:28:58 GMT Guess who asked for my SSN this week. The Phone Company. I was ordering new service preperatory to moving and they first asked for employment information. I said "You don't really need that, do you? I'm a current customer and you know I pay my bills." The clerk said "Just a moment", then read me my employer's name and my (previous) title! Then she asked for my SSN to "complete their records". I hollered quietly and she said, "Actually, you can decline." Matt Crawford -*-*-*-*-*-*-*-*-*-*-*-*-*-*- From: mcb@lll-tis.arpa (Michael C. Berch) Subject: Re: ssn's Date: 8 Oct 87 23:06:48 GMT To: This came up before in a Usenet newsgroup and is worth reiterating here. Look: I don't care what your feelings about giving out SSNs are, or what effect it has on your privacy, or how the country is going to hell in a handbasket because of the pervasive use of SSNs. Just DON'T, under any circumstances, just "make up a number" and give it out. The odds that it is already assigned are substantial. (And don't weasel around about how the 900's aren't used for SSNs; they're used by the IRS as "Taxpayer Identification Numbers" (TINs) and belong to people/corporations, too.) If I got tangled up in a bureaucratic mess about some purchase or payment or tax matter because some pinhead "made up a number" and it happened to be mine, I would be massively (and justifiably) pissed off. "Making up a number" is an anti-social, offensive thing to do, and one that (even given my laissez-faire, anti-authoritarian point of view) I would not hesitate to report to criminal authorities if I discovered it. Michael C. Berch ARPA: mcb@lll-tis.arpa UUCP: {ames,ihnp4,lll-crg,lll-lcc,mordor}!lll-tis!mcb -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: Sun, 11 Oct 87 23:06:51 EDT From: lear@aramis.rutgers.edu (eliot lear) Subject: Re: ssn's Hi Curios, If someone wants to do a credit check on you, generally they need only your ssn and your permission. If they don't have the latter, they shouldn't have the former. Eliot -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: Mon, 12 Oct 87 08:31-0700 From: The Bandit Subject: moron social security numbers. I have seen numerous messages fly by these past few weeks regarding the sense (or nonsense) of keeping one's ssn private. All too often people declare that ssn's are unique. Would that this were true, but, unfortunately, it is not. Because uniqueness is not guaranteed, I prefer not to give out my ssn. I certainly wouldn't want someone's tainted credit rating affecting my rating, nor would I wish to demolish someone else's -- were such dire things to occur. Derek Haining Academic Computing Services University of Washington Seattle, Washington (206) 543-5852 DEREK@UWARITA.BITNET -or- DEREK@RITA.ACS.WASHINGTON.EDU -*-*-*-*-*-*-*-*-*-*-*-*-*-*- Date: Fri, 16 Oct 87 11:02:00 EDT From: "Una R. Smith" Subject: SSN Yes, it's much easier for people to manipulate information about you in a computer when they have your SSN, since it's a variable that can be matched so easily. But the flip side of that coin is what worries me. Think how easy, with a NINE digit number, it is for data coders to make keystroke errors. Of course this can happen with your name, but names have familiar patterns, or are very unfamiliar. Either way, the rate of error should be lower for coding names. But even if it isn't, that's ok, because few (if any) organizations with information about you will ever even attempt to merge data by your name. If 2 files are being combined, and your name is the common variable, and there is an error in 1 name record, there is no match. But if the SSN is used, and a coding error has occurred, there is the chance that SOMEONE ELSE'S history will be appended to your name, either under your SSN, or under theirs, depending on the coding error. Now, if you are a bad customer or whatever, you don't really care if this happens, because the chances are your history will only be improved. But if you are one of those sterling types who always pay on time, etc. and you "have nothing to hide, so why not give the SSN without a fuss", you might be burned badly. And even if the error isn't terrible, getting the problem fixed can take a long time. Just try telling someone that thier records on you are WRONG, especially if they have them on a computer. The chances are high that you will only get to talk to someone who either 1) believes computers don't make mistakes, or 2) is afraid of the computer, or 3) doesn't know how to correct the records on you, since they are hidden in the computer, and doesn't want to bother finding out, or 4) CAN NOT change the data in the computer because someone down the line never imagined that changes would be necessary. If you think any of the 4 cases above is unrealistic, let me assure you that I know of instances of all 4 cases occuring. My mother is still fighting the property tax administrator in her city after 2 years because the records she got out of his computer database, thanks to a naive underling, do not agree with the tax assessments people in her neighborhood have been paying. The difference, she has discovered, amounts to nearly a million dollars annually coming out of single family residences instead of appartment complexes. The tax administrator's office has been stonewalling for over 2 years because they won't admit that there is no way, currently, for them to get to the actual data; they insist "the printout is wrong." This is clearly an example of case 4 above, with maybe a little old-fashioned corruption thrown in for good measure. Recently someone said he hadn't withheld his SSN in the past, so there is no point to beginning now. I strongly disagree. No one is going to make any great effort to match SSN's to data about you by hand, and it's unlikely that if they do have your SSN that they also have a way of looking at your name and address via computer. After all, the SSN is so handy just because it lets merchants, etc. treat your name as just the first line of your address. The format is often free-form, and it is difficult to extract your name in program-driven databases. They certainly won't get any help from the SS Administration. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987110922484800> From: *Hobbit* 11-Nov-1987 06:28:48 To: security@RED.RUTGERS.EDU Subj: [3461] Iwamoto's lock questions Well, the first one with the dimples [I forget the name -- K-something] is relatively straightforward; the dimples simply push pins outward from the keyway certain distances like a regular pin lock. The pins protrude into the keyway from a couple of different directions; the theory being that such a configuration is harder to pick. Well, they tried. The severe limitation here is the number of cuts per pin -- the total travel isn't that far, so you can only have three or four distinct cuts [i.e. dimple depths] per pin. They compensate by using more pins. A similar method is found in Fichet cylinders, which use a key with an H-shaped cross section to address four rows of pins. The other kind, with the slanted cuts, are Medeco or Emhart. Ahh, Medeco. I've recently had an in-depth go-round with a few of these myself after they installed them on my office area. These are in theory "unpickable", because of a rather complex sidebar system and lots of "false" positions that the parts can get into but still not open the lock. The configuration is similar to a standard pin-tumbler lock in that you have pins and drivers as usual. The difference is that the pins are chisel-cut, so that when they drop into the V-shaped key cuts they are forced to rotate to conform to the cut orientation. Into the right side of each pin are milled one or more vertical slots, about .025 inch deep for the "real" slots and less for the false ones. Located just to the right of the pins is a sidebar which normally protrudes into a slot in the shell. The sidebar has six little flat teeth, each of which sticks through a small hole directly at the side of each pin and each of which is slightly narrower than the pin slots. If the pins are rotated such that all the deep slots line directly up with the sidebar teeth, the sidebar can fully retract into the plug, allowing it to turn. If any tooth encounters the side of the pin, or even a false shallow slot, the sidebar blocks rotation. All this is in *addition* to the regular pin-driver action, which is further confused by liberal use of mushroom drivers and funny shapes at the top of the pins. The pin tops are slightly beveled so that they bear against the driver with a small contact area. This allows easier rotation. However, all this is perhaps not as hairy as it sounds. The rotations are limited to zero and plus/minus 30 degrees or so. I believe there aren't a lot of different cut heights, either. While ding near impossible to pick, it's possible to fool with it until it cocks over into some false positions. At this point it's possible to get some information about the insides. Very occasionally someone does get lucky and successfully picks one open, but not at all repeatably. The blanks for these are usually restricted, the cut keys are registered with the company and have "do not duplicate" stamped all over them, and not every place that does keys has a Medeco machine, which is apparently expensive. Creative sheet metal work can get around this, but the tolerances involved are quite exacting. One thing Medecos have going for them is that they are *very* nicely machined; if you removed the sidebar assembly from one it would still be a pretty decent lock. [Note that if you remove the sidebar, pin rotations no longer matter.] _H* ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111004022400> From: herbison%ultra.DEC@decwrl.dec.com 11-Nov-1987 11:42:24 To: Security@Red.Rutgers.EDU, HERBISON@decwrl.dec.com Subj: [3306] Re: Why secure systems? Nick Papadakis presents an essay by RMS that argues that computers should be open rather than secure. This may work for many computers, but I believe it is wrong to take this approach for all computer systems. The main reason for my belief is that large numbers of computers are used for critical operations of various types. RMS says that vandalism `was very rare' on the systems he used as an example. This means that there were very few people vandalizing the system just because it was there (the vandals had no other reason to do damage). But for many computer systems, there are other reasons to do damage: To hurt the organization that runs the computer. To gain financially. To change the `real work' done by the computer. Imaging running the following computers openly, without security: - A computer that handles the payroll and accounting for a corporation. A `minor' piece of vandalism could bankrupt the corporation and ruin the lives of employees that financially survive from check to check. - A computer used to develop the software for a piece of hospital equipment. Errors caused by someone who didn't know what they were doing could endanger the lives of large numbers of people. - A computer that is used to count votes. The basic freedoms that we have in this country depend on fair votes, but insecure voting systems could allow any fanatic to change the result of a vote and of history. - A computer that supports the operation of the stock market. In a few minutes a compromised computer system could place enough fake sell orders to make the October crash look minor. Sure, eventually it would be detected that that the original sell orders that triggered the crash were fake, but by that time the world economic system would be a shambles and saying `lets forget all of the trades on all the markets in the last week' wouldn't work. Running an open computer system is a great idea, and should be done whenever possible. But don't do it when sensitive operations are on the line (including, but not limited to, finance, investment, accounting, health, personal data, and voting). Or at least wait until it can be shown that people can be trusted. A suggested metric: When a year passes without any instances of fraud or robbery worldwide. Our need for computer security just reflects the fact that we cannot trust that all members of society will always act for the benefit of society. As long as this is true it isn't safe to open all computer systems to everyone. Criminal acts did not start with computers, and I don't believe that opening up computer systems will end criminal acts. B.J. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111007535300> From: UJ0%psuvma.bitnet@RUTGERS.EDU 11-Nov-1987 15:33:53 To: rutgers!misc-security@e.ms.uky.edu Subj: [3324] Re: night scope There are lots of places where you can allegedly get night vision devices... I'm not sure if they're all bonafide. However, a few that come to mind are: NIGHT VISION DEVICES: AN/PVS-3A starlight scope Excalibur Enterprises AN/PVS-4 starlight scope P.O. Box 266 AN/PAS-4 IR scope Emmaus, PA 18049 AN/PAS-6 IR scope (215) 791-5710 (military issue) IR binocs, scopes CCS Communication Control, Inc. 160 Midland Ave. Port Chester, NY 10573 (914) 934-8100 AN/PVS-2 ind. weap. sight LRRP Security Services, Inc. AN/TVS-2 crew weap. sight Box 1620 (military issue) Aiken, SC 29801 (803) 649-5936 AN/PAS-5 IR binoc/goggles G.S.A.D. Inc. (Israeli army issue) 205 South Kuhn Drive Manhattan Beach, CA 90266 (213) 374-4086 scopes, binocs... LEA Law Enforcement Associates 700 Plaza Drive Harmon Meadows/Route 3 West Secaucus, NJ 07094 (201) 864-0001 AN/PAS-5 The Dutchman P.O. Box 12548 Overland Park, KS 66212 1-800-821-5157 scopes, binocs... Microtron 42-38th Street Wheeling, WV 26003 (304) 233-8007 LASER GUNSIGHTS/TARGET DESIGNATORS Executive Protection Products, Inc. 1834 First St., Suite S Napa, CA 94559 (707) 253-7142 API Marketing 1600 Monrovia Ave. Newport Beach, CA 92663 (714) 722-9087 Some of these companies sell active IR systems for as low as $400 or less... the starlight scopes are certain to be at least around $1000. While I'm not in a position to make any endorsements or recommendations ("just an interested observer"), obviously ambient IR and starlight scopes are the best, since no external light source is involved (with the other systems, someone else with an IR system will see your 20,000 candlepower searchlight plenty fine as you slink through the foliage thinking you're invisible) but it all depends on what you plan to use it for. Definitely keep in mind that these, as with all elec- tronic devices, have very delicate innards, and as a weapon sight, it will take quite a bit of abuse (rifle recoil, temperature, humidity) so get the beef on it from the people you're dealing with. Another good way they can quickly get toasted is from an overexposure (someone shining a light into your image intensifier, a sudden heat source appearing, etc...). Some are protected, but I believe many aren't. That's about all I can contribute for now... let me know how you make out. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111008195400> From: bzs@bu-cs.bu.edu (Barry Shein) 11-Nov-1987 15:59:54 To: nick%MC.LCS.MIT.EDU@eddie.mit.edu Subj: [3168] Why secure systems? Richard is basically correct about his social assessment of centralized computing services. He characterizes the situation as being akin to the Soviet Union, I would say more like martial law in a scarce resources situation (which, some argue, is really what explains the current situation in the Soviet Union, sort of an emergency restriction on freedom that has been convenient to leave in place these 70 years, for some.) Today the situation of the central computing facility is becoming more curious. The resources are no longer terribly scarce but the "oligarchy" continues in their ways. For example, on our large IBM a student account is assigned about 1MB of disk storage (max.) He can of course try to ask for more but the bureaucracy can be very discouraging. That's about the storage of a single floppy disk in today's world. How ludicrous it must look to a student who just bought a PC with a 20MB disk for $900 that he is far more limited on this $6M machine! Other resources are similarly restricted (eg. the biggest memory image anyone can run is 11MB even tho it has 64MB physical, and this is touted to the campus as some sort of super-computer, achh, pfft.) The focus is no longer on the cracker. What is happening today is that these computing organizations are becoming wholly irrelevant to anyone other than a very small sector of the community with very special needs (such as to run the big name packages, for example last I looked it was hard to get a paper published in medical fields that didn't present its statistics as having been produced by one of a few well known packages.) Hence people are simply going out and buying their own systems in droves and, for the more ambitious, purchasing servers of their own to help integrate an environment of quite a bit of power. The last stand for the computing center is the network, it's the last bit of centralized service that anyone is interested in getting from them. I notice that many of them have a lot of trouble with the fact that they cannot produce accounting charges for ethernets. So they find other ways to bang people over the head with the cable (restrictions in gateway software, per-port charges etc.) It's all futile really and just a tragi-comic last hurrah for the vested oligarchy. People I speak with will gladly build their own little networks etc, even if they're less effective, if the central organization becomes too overbearing with their backbone. I guess what I'm saying is that RMS's note is true but technology has removed most of the motivations. No one views the central computing facility as having the good toys anymore, envy is gone, heck, interest is gone, we've developed a whole breed of people here now who have never even used the central facilities (around here that would be a shocking statement in the right crowd.) Most of these folks correspond very closely with the sort of crowd who would have produced the hackers (eg. computer science, computer engineering etc.) -Barry Shein, Boston University ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111010001900> From: ron@topaz.rutgers.edu (Ron Natalie) 11-Nov-1987 17:40:19 To: misc-security@RUTGERS.EDU Subj: [201] Re: hotel deadbolt hacks Not against fire regs to my knowledge. Firemen don't use keys. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111011200600> From: shore@epiwrl.epi.com (John Shore) 11-Nov-1987 19:00:06 To: misc-security@uunet.uu.net Subj: [388] IR detector recommendations? I want to install an IR-detector with @al horn to improve the security in a small business office. Is there a brand that does the job reliably and that doesn't cost too much? js - John Shore shore@wrl.EPI.COM ...uunet!wrl.epi.com!shore ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111011215800> From: brock@pnet01.cts.com (Brock Meeks) 11-Nov-1987 19:01:58 To: crash!security@rutgers.arpa@bass.nosc.mil Subj: [878] Picking locks on pay phones Here in San Diego we've had an unusual round of news reports about "a man with a pony-tail" that is "the only known person in the U.S. that can pick the lock on pay telephones. He is known to frequent Country and Western bars and carry large amounts of change." He is said to reap about $2,000 a day from his "speciality." The police say there are "tell-tail scratch marks" on the phone lock boxes. Question: Is there any truth to these news stories? Is it possible that only one person in the U.S. can pick the lock on a pay telephone? If so, what makes these locks so damn hard to pick. (And, in what sounds like an easy way to pick up a good piece of spare change, why isn't this activity more widespread?) ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111012565000> From: Bill Sommerfeld 11-Nov-1987 20:36:50 To: Nick Papadakis <@eddie.mit.edu:nick@MC.LCS.MIT.EDU> Subj: [3831] Re: Why secure systems? [You wanted flames.. Here comes one ] Stallman's comments may make sense for a small, cooperative community, where everyone has a chance to know everyone else, and everyone involved has at least some interest in the "common good". However, not all computer-using communities are like this, and there are very good _economic_ reasons (involving the cost of hardware) why many cannot be set up this way. Computer security is somewhat like locks on doors; it isn't perfect, but it serves to deter vandals. Most people can't get through them without keys. People who can get through locked doors generally fall into two categories: responsible (locksmiths), and irresponsible ("criminals"). [There is also a very small group of "amateur locksmiths" in the middle who have some of the skills necessary, are officially part of the criminals, but only apply the skills for "exploration" of interesting areas. These people may make up a fair proportion of this list, but are probably not a significant proportion of society at large; in any event, they generally do no harm to society]. To argue that removing locks is the best way to eliminate crime makes no sense. Perhaps it would work in a truly cooperative ``socialist'' society, where everyone put the good of the whole ahead of personal gain. There are examples of small groups where this holds to a certain extent (for example, a typical family unit), but there are very good reasons why a large-scale version of such a society, cannot exist. What does this have to do with computer security? What it boils down to is that the shared use of any resource (includiing computers) by a group of people who do not have a compatible set of goals requires some form of internal compartmentalization or ``security''. For example, think about a timesharing system or shared fileserver being used as part of a class. It is certainly in the interest of the students to prevent others from destroying their work. It may be in the interest of the students to _not_ allow other people to copy their work (at least, not without permission); it is certainly in the best interests of the teacher to provide a means to limit un-credited plagiarism. If the class involves individual work, then the solution is simple - have everyone put all their work on removable media, which they can carry around with them. If, on the other hand, the class involves work in small teams (as is the case in the software engineering and compiler courses around MIT), the use of removable media makes cooperation impossibly hard, and there needs to be some way to set up common file space which only the group members should be able to access. A security/protection system which prevents people from doing work is clearly counter-productive; studies have shown that programmer productivity increases when there are no internal security barriers which get in the way. The key is to design a security system which provides enough flexibility and is easy enough to use so that it doesn't get in the way of people trying to do work. Of the systems which I have used, Multics comes the closest to this goal [1]. There are far too many poorly designed protection systems out there -- UNIX is one of the really bad ones. Bill Sommerfeld (MIT '88) MIT Project Athena [1] Multics AIM (the access isolation mechansim, a non-discretionary access control system), is the only big wart -- it was designed to prevent trojan horses from letting classified information escape, and instead is probably a big waste of the users's time. It was also kludged in after the original design. Fortunately, it doesn't have to be used. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111017013300> From: 12-Nov-1987 00:41:33 To: security@red.rutgers.edu Subj: [1246] Student Lab Security and Preventing Trojan Horses We have an interesting solution to the problems of preventing 1. software theft from student labs, 2. surreptitious patching (Trojan horses). Application software is stored in an encrypted form. A special loader takes the encrypted image, decrypts (thus verifying), loads, and starts it. As an added bonus, the loader may also record accounting information. The loader must provide its own security by 1. verifying it is not running on a pirate machine, 2. not divulging the encryption password, even under interrogation, 3. ensuring that its own image has not been patched. Students may copy software, since it is useless without the loader. An image can only be modified if both file security was compromised *and* the intruder can decrypt, patch, and re-encrypt the image. The procedure is almost transparent. The user must prefix the usual command with the name of the loader, for example, if the loader is called "RUN", the user must type "RUN VISICALC". Derek Andrew, U of Saskatchewan, Andrew at Sask on BitNet/NetNorth ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111107093000> From: Jeffrey Del Papa 12-Nov-1987 14:49:30 To: marks@Sun.COM Subj: [579] re: master keys > Talking about master keys and such, has anyone seen a type of > key that has no teeth and it is just a straight piece of metal? those sound a lot like one of the old sargeant systems. basically what they had was three intersecting sets of pins 120 degrees apart, the idea was that you had to pick 3 sets to get in, without any guides for the pick. The weakness was that the keyhole was large enough to allw easy mutiliation of the pins. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111108241600> From: rutgers!.csc!im4u!ti-csl!dnichols@uunet.uu.net (Dan Nichols) 12-Nov-1987 16:04:16 To: uunet!misc-security@uunet.uu.net Subj: [953] Home security I just had my home burglarized last weekend and am now looking into various ways to prevent or at least deter this from happening again. Has there been any previous discussions about this? If not, how about getting one started? Does anyone have any personal experiences with security services? The options seem to range from $3000 monitored systems down to timers for your lights and a dog in the yard. I have two young children and a cat and small dog which make a motion detector pretty unusable. Any ideas? Dan Nichols USENET: {allegra,ihnp4,uiucdcs,sun} !convex!infoswx!ti-csl!dnichols POB 655474 M/S 238 ARPA: Dnichols%TI-CSL@CSNet-Relay Texas Instruments Inc. CSNET: Dnichols@Ti-CSL Dallas, Texas VOICE: (214) 995-6090 75256 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111108490100> From: NESCC%NERVM.BITNET@wiscvm.wisc.edu (Scott C Crumpton) 12-Nov-1987 16:29:01 To: SECURITY@RED.RUTGERS.EDU Subj: [1404] PC security There are several systems on the market that will provide a security function for a PC with a hard disk. Some of these systems are quite sophisticated; including such features as user authentication, user login and program usage audit trails, access controls for files and directories, data encryption, access controls for the floppy drives, etc. I have a system called ENIX.SYS from VuTek on my PC at work. Unfortunately, it's an orphan now. One of the features that it had that would be particularly useful in the PC lab was the ability to create directories that were execute only. Definitely a deterrent to software theft. ENIX.SYS is a hardware based system with a device driver to interface to DOS. Currently, I am only using the hardware to prevent unauthorized persons from using my PC, the rest of it isn't of much value on a single user system. I was using the automatic data encryption feature, until the first time I ran Disk Optimizer and totally scrambled my hard disk. Anyway, these systems do work. But you need to be very careful in selecting one. I would definitely require an evaluation unit before purchasing one. Prices range from $200 to $2000 per PC, it all depends on how much the data/programs are worth. ---Scott. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111108594200> From: mason@oberon.lcs.mit.edu (Nark Mason) 12-Nov-1987 16:39:42 To: IWAMOTO%NGSTL1%eg.ti.com@relay.cs.net, security@RUTGERS.EDU Subj: [1345] RE: the KEY Discussions The first lock you mentioned, a seemingly blank peice of metal with dimples cut in the side is most likely a Kaba or Dom. They work the exact same way as a regular lock except instead of the pins pointing top to bottom they point side to side and the dimples cut to varying depths substituted for the notches in the top of a conventional key. This way there can be more than 1 set of pins. I have seen then with 4, more could be done easily. The second type is a medeco. The notches in the key are cut at an angle, there are 3 orientations labeled Left, Right and Center. The pin that contacts the key is wedge shaped instead of pointed, so the pin has to be in the rght orientation as well as the right height. Each pin has a notch in the side of it, when they are all at the right orientation the notch is pointing perpindicular to the lock. There is a bar in the side of the lock that has fingers that fit into each of the holes. When the pins are all at the right orientation all the fingers slide into the slots, the bar slips to the left and if the pins are all at the right height as well the lock can be opened. Medecos are effectively pick proof. Nark ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111109560500> From: gwyn@brl-smoke.arpa (Doug Gwyn) 12-Nov-1987 17:36:05 To: misc-security@uunet.uu.net Subj: [1137] Re: mastered systems >Similarly, if you're going to try and determine the master combo for a given >system, you do need to take at least one example apart. Actually, if you have an operating key, you need not remove the lock cylinder in order to determine all the pin splits in it. Obtain one extra key blank per pin column (7 for the typical institutional Best lock); duplicate the operating key except for one column on the blanks, omitting a different column on each blank. Then, for each blank, try it with the omitted column cut to number 0 (high), then 1, then 2, ... and record which bittings open the lock. That tells you what the splits are in that column. The whole set of trials tells you what all the splits are in all columns. The best way to cut the keys is with a code machine; next best is to duplicate from a depth key set; third best is to set up an extra cylinder plug with just one pin of the desired length in the appropriate column, and file down the key until it brings the pin flush with the plug. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111110230900> From: quintus!gregg@Sun.COM (W. Gregg Stefancik) 12-Nov-1987 18:03:09 To: security@red.rutgers.edu Subj: [945] Picking the Best control shear According to some books on the subject of interchangeable cores it is possible to pick the control shear only by applying tension to the control sleeve only. By applying tension to the control sleeve only, the pins will only bind at the control shear. You may ask, how does one apply tension to the control shear? Best cores have holes in the core sleeve for ejecting pins, one merely modifies a tension wrench to fit into one of these holes such that it only contacts the control sleeve (the upper most sleeve layer). If your wrench goes into the hole too far you will be applying tension to the entire core assembly which will get you no where fast. I have yet to try the above technique, but logic seems to say that it should work. Gregg Stefancik Professional Security Consultant ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111201494900> From: Jose Rodriguez 13-Nov-1987 09:29:49 To: security@red.rutgers.edu Subj: [1965] something of some interest, subject: breaking DES Subject: Authentication protocols Date: Thu, 12 Nov 87 12:19:21 -0500 From: Craig Partridge Something to think about when using DES.... Date: 12 Nov 1987 11:11-EST From: Eric.Cooper@spice.cs.cmu.edu To: end2end-tf@venera.isi.edu Subject: RE: Breaking DES Here's Evi's response when I asked her a week or so ago: Date: Fri, 30 Oct 87 19:32:32 MST From: evi@boulder.Colorado.EDU (Evi Nemeth) To: Eric.Cooper@SPICE.CS.CMU.EDU Subject: Re: DES breakthroughs? the break is in the diffie hellman key exchange for des based on 127 bits. it was done quite a while ago, solving the discrete log problem for the field 2 ** 127 -1. the work was with ron mullin at the university of waterloo. the actual implementation of the algorithms was done on the denelcor hep supercomputer (since defunct) in 1984. there were several technical papers by mullin and by coppersmith at ibm yorktown on the method of attack. our paper on the implementation which includes a description of the algorithm but not the gory details, was in the proceedings of the international conference on parallel processing in the summer of 1984. i can send you a copy if you dont have access to the proceedings. the paper actually won the best paper award at that conference, no $$, but i got a plaque for my wall and denelcor sold a machine to nsa. the reason i mentioned it to van was that sun has now done two talks at meetings about their security on the network that is based on des using the diffie hellman key exchange in exactly the field that we broke. both times the talk was given by the programmer who is implementing it not the mathematician who decided what to be implemented. i pointed them again to the papers on it; hope a number theorist there actually reads them. evi ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111203373700> From: 13-Nov-1987 11:17:37 To: security@red.rutgers.edu Subj: [463] RE: Bumper Beepers. And by the way, US Citizens have no reasonable expectation of privacy regarding movements tracked in public, said the Supreme Court in 1983: US v. Knotts, 103 S. Ct. 1081 (1983). However, I imagine that installing a beeper on someone else's car without their knowledge or permission is trespassing at the very least. Ed ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111208161200> From: rogers@marlin.nosc.mil (Rollo D. Rogers) 13-Nov-1987 15:56:12 To: @eddie.mit.edu:nick@MC.LCS.MIT.EDU Subj: [1754] Re: Why secure systems? Well, as a Computer Security person i look at this a little differently to say the least. There may be some system admin or security people that run a very tight ship(computre system wise). However, i agree that the users must be able to get their work done in a timely and efficient manner. But i have a problem with just making it an "open" system for just anybody to access. In the DOD we have systems that store and process National Security Info as well as Sensitive and Privacy Act data. Certainly we have the right to insist that users have a need-to-know for these type files stored on a given system. A user also has the right to decide which other users are going to be allowed access to the files he/she creates. We just cannot open up all the data on the system to every user just because they think it would be "nice"! There is a serious problem now with the management of the SUPERCOMPUTER systems in the U.S., as the universities want to open the system up to any scientist user in the world(including the users in the USSR). This can be a real problem since these computers can be used for military weapons APPLICATIONS. Should we deny this type of user access to these powerful tools? In conclusion, i think that we have to strive for a happy medium while trying to balance the need for Computer Security with the users requirement to get the job done. But if i am going to err, it will be on the side of Computer Security and the protection of data stored on the system! As the saying goes, 100% security equals 0% productivity!! REgards, Rollo Rogers, ADP SECURITY ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111209072000> From: Larry Hunter 13-Nov-1987 16:47:20 To: sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez) Subj: [2072] Re: night scope I am once again asking about this stupid machine. Where can I buy either a used or surplus nightscope/ or if available and totally independent infrared sniperscope. I'm not sure what you mean, so I'll tell you about both light amplifiers and infrared devices. Amplifiers are nice in that they are passive (no one can find you by your light source) and can provide better images, but IR is much cheaper and pretty effective for most applications. They're not as expensive as you might think if you're smart about shopping around. First, if you're looking for second hand stuff, avoid first generation (multi-tube or multi-stage) light amplifiers -- they just don't work that well. Second, try electronics houses that don't specialize in surveillance or police stuff. Light amplifiers: SEC (Standard Equipment Company) / 9240 N. 107th St. PO Box 2360 / Milwaukee WI 53224 : NVS-80 75-1200mm monocular night scope (for mounting on a camera) $2795 [If by sniperscope you mean something intended for mounting on a gun (now why would anyone want that?) then try their NVS-520 for $4495] Edmund Scientific (Great source, low prices!) 101 E. Gloucester Pike Barrington NJ 08007: Night Vision System K31073 75mm including eyepiece $2495 InfraRed stuff: ETCO Electronics / North County shopping center/ Rt 9 north/ Plattsburgh, NY 12901 : Excellent infrared viewer and source powered by 4 D batteries. Light weight, possible to take excellent photos, field of view about 150 ft. Price is $279, + $10 for a battery pack and $15 for a 10X objective. There may be an even cheaper kit version available now. Great deal! Edmund also has a variety of IR sources, conversion lenses and viewers. You could add a high power IR source to the ETCO viewer and have a gadget that the "surveillance retailers" sell for $4000+ for less than $500. Happy viewing.... Larry ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111216004500> From: UJ0%psuvma.bitnet@RUTGERS.EDU 13-Nov-1987 23:40:45 To: rutgers!misc-security@e.ms.uky.edu Subj: [398] Infinity Ever heard of an "Infinity Transmitter"? It allegedly would allow the user to dial a phone number and disconnect the ring. By amplifying the signal, it would allow the user to eavesdrop anywhere where there was a phone. I heard that they exist, but maybe not... Paranoia ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111216363300> From: Jonathan Harris 14-Nov-1987 00:16:33 To: security@RUTGERS.EDU Subj: [795] SSN In reply to the few examples people brought up of how someone can destroy you with a knowledge of your SSN: (1) The activities--getting the false drivers license, using it to obtain information about you, etc... are all serious criminal offenses. The abuser would cause you some hassles, which you would eventually clear up, and eventually find himself in jail with felonies on his record, drunk driving, etc... The reissue of the drivers license would certainly show up on the public record and be evidence in your favor. (2) If he really wants to be that nasty there are much easier ways then that to cause you trouble. ie. vandalize your house or car. ---JOnathan ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111310233900> From: gwyn@brl-smoke.arpa (Doug Gwyn ) 14-Nov-1987 18:03:39 To: misc-security@uunet.uu.net Subj: [756] Re: Yet more about SS numbers Strange how none of the posted responses noted the root problem, that there is seldom any verification that a person is who he claims to be. Some people have several SSNs to take advantage of this situation and maintain multiple "identities". I wish there were a definitive court case that would throw out any evidence compiled against an individual without every entry being validated, for example by fingerprint matching. Surely we have the technological capability to perform accurate personal identity validation; it wouldn't be much more elaborate than the current credit-card-authorization-by-modem scheme. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111407030500> From: warren@xanth.cs.odu.edu (Frank F. Warren Jr.) 15-Nov-1987 14:43:05 To: misc-security@mcnc.org Subj: [566] Re: Internal setscrews >Does Medeco or Abloy have any such mechanism? *That* would make things >pretty difficult... Yes, Medeco does produce interchangable core cylinders compatable with certain Yale housings. Frank Warren, Jr. Old Dominion University - Norfolk, Virginia warren@xanth.cs.odu.edu Old Arpa: warren%odu.edu@RELAY.CS.NET warren@xanth.UUCP old uucp: {decuac,harvard,hoptoad,mcnc}!xanth!warren Packet: KB4CYC@WD4MIZ ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111518345300> From: Matthew Hull 17-Nov-1987 02:14:53 To: SECURITY@RUTGERS.EDU Subj: [14206] Computer Security Systems I think that for the first time since I signed into this SIG I may be able to contribute, since opinions are cheap and I have many and no knowledge is required ;-) But before I do I'd like to cover my *ss a bit by clarifying that I understand that the opinions expressed were not necessarily those of Mr. Papadakis' and that any references to 'you' are probably the universal 'you' or to those who disagree with my opinion. I'd also like to deny permission to all persons to use this message, and any reply messages which contain references to it, to my detriment by bringing it to the attention of my employer (either directly or indirectly). [Hey, it can't hurt.] _Part_One_ >If you look at the social organization of the users on a typical >timeshared computer of today and compare it with other social groups, it >most resembles the Soviet Union. It is pervaded by suspicion, ruled >arbitrarily by a small oligarchy, and hostile toward outsiders. This >arouses resentment, which inspires the security crackers. But the >authoritarian social organization itself is a worse problem than the >crackers are. I must confess that this rings truth to me. It _does_ resemble a totalitarian organization. As a means for an efficient execution of the tasks which a computer is typically used to perform, this form of organization is a natural answer to the problem at hand. Doesn't make it right, but it _is_ efficient. Usually, the running of a computer system centers around making sure a known set of programs executes as needed. Additionally, the administration is responsible for the development of new programs and to maintain the existing system in response to dynamic needs as defined by the owner of the computer. The oversight of a running system is relatively simple and easy compared to maintenance and development, and requires no more sophisticated form of organization than the totalitarian one which typically exists. That is _why_ it exists (or at least one reason). The second main task, maintenance and development, figures a smaller role in the system of things (although it gets far more notice), and can also be handled efficiently by "a small oligarchy." Does efficiency justify the occasional unfairness implicit in an organization where the few rule the many? Probably not, in a theoretical sense. But in a practical sense, things are different. You can use a political organization as an allegory as convenient, but remember it is _only_ an allegory; and perhaps, not a very good one. In a political structure the assumption most Americans assume is that the organization exists to serve the people. This is not necessarily the case with computer organizations. In the political world many have adopted the idea which exists in our own Constitution that man has by natural law a certain set of inalienable rights which it is the responsibility of the political organization to defend and ensure. This is certainly not the case in a time-sharing computer organization. The users are using a machine owned by a 'legal entity' (ie. a person, a company, the State or National government) and are not participating in anything as basic as the right to a free and peaceful life. The users _do_not_ have a certain set of inalienable rights granted by natural law in the use of a someone's computer, and cannot expect treatment similar to that given them by their political government. This means that if you are repressed, you _do_not_ necessarily have the right to object. If you are not among the privileged few, you _do_not_ necessarily have the right to rant and rave your inequality, nor expect that things will (or even should) change for your approval. In sub-conclusion, whereas the typical organization is similar to a totalitarian government, you do not have any natural right to expect or demand 'better' treatment. _Part_Two_ >Most computer users see no alternative. I am fortunate in having >experienced one. At the MIT laboratory where I have worked as a >researcher for ten years, our old computer system treated users as free >equals with a responsibility to cooperate, and guests were welcome. Our >hospitality guided clever young people to become responsible engineers >rather than crackers. >The software on most computer systems is designed to support the ruling >class just as surely as the KGB is. The software written and used by >the hackers at MIT was designed to make users free and equal. Our >system had no restrictions that could be imposed on selected users; all >users were treated alike. Thus nobody could seize power by restricting >everyone else. We did not care whether a change to the files was >authorized; we cared whether it was an improvement. This can only be >decided by human beings, on a case-by-case basis. So, rather than >having file protection to control changes, we called for discussion >of any planned change. These paragraphs, and most of the rest of the excerpt, argue that a 'free system' is better than a traditional system with restrictive security measures. For 95% of the world's computers, this is simply not true. And perhaps Stallman would agree: "We should put military secrets, bank records and the like on computers with strict security. For other activities, we should have computers that are free of security, and free of its burdens." The trouble is that almost all systems consider their data just as important and confidential as any bank. And I argue that they _should_ have the right to decide how confidential their data will be, using strict security, because it is _their_ computer. Now, if you restrict your generalization of "a typical timeshared computer" to computers used for educational purposes, with no data of any sensitive nature, then the argument immediately becomes more tolerable. Presumably, with no sensitive data to protect, the administration which owns the computer should allow the users a 'free system' in which to work and learn. The users in this 'free system' would be responsible to no one for their actions, would have free access to all files of any nature, would be able to allocate resources on a first come, first serve basis, and would not be limited in the content and use of their files and programs. And such an environment would be conductive to the growth of "responsible engineers rather than crackers." This sounds very nice, and would likely be quite acceptable in an environment of responsible engineers, but when put into an environment of 18 - 22 year old students at a typical university, comes out only as the pipe dreams of an old UNIX hacker (pun intended). At this university, which I judge typical, there _are_ people who would delete a person's files given the opportunity. Maybe the computer users at MIT were exceptionally considerate, but at the typical university the typical user is a student using the computer only for the word processor, and has little knowledge and less respect for the computer, it's structure, and it's users. Nevertheless, I suspect that vandalism would still be rare (my basic optimism in humanity :-)) but when it did occur it would be drastic ( $ Delete *:[*]*.*;* ). Should such disasters be _allowed_ to occur? More often, I suspect, would be the individual disasters where Mr. X gets Mr. Y pissed off, and Mr. Y is a total jerkface, so Mr. Y deletes, or worse, encodes, all of Mr. X's files. Perhaps a user prefers that his resume, and his letters to his wife, etc., are not available to the general public? Should we be limited to simple trust that no one will look into his private directory of files? There are problems in all of the freedoms in your free system, not simply the obvious one concerning file protections. You let slip an indication of a potential problem in your article: "And if a stranger came to the lab and wanted to play with the computer when it was not fully needed by us--we let him!" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ What's this I read? Who is "us?" Some of the users who are all treated alike? How can anyone "let" another equal user use what is rightfully his to use as an equal user? Oh, he's a "stranger." How can he become one of the equal users? Popular election? Have him pass a test? Require n number of hours of computer use? Pardon my sarcasm, but what is obviously needed in this case is an authority-- some person or group of persons whose responsibility it is to initiate strangers into users. This authority is also necessary to resolve an innumerable list of potential conflicts among users, even if they do all behave as responsible engineers. Who is to decide the needs of the many users of the computer? Who is to tell Mr. Y that he has used the printer long enough? Who is to tell Mr. Y that his Graphic simulation is very nice, but it takes up too much CPU time? And when they do not behave as responsibly, who is to tell Mr. Y that his Random Write program (which he uploads from floppy on occasional bad moods) is improper and destructive use of the computer system? Who is to tell Mr. Y that the female students (as a whole) do not appreciate his little pictures which he mails to them, or causes to print to their screens when they log in? Who is to tell Mr. Y that if he doesn't stop being a total jerkface, he won't be allowed to use the computer anymore? You _need_ some form of authority beyond and _above_ the normal abilities of the regular user, with the power to enforce it's decisions against a user who may not agree with them. This is what 'security' does. It also prevents Mr. Y from ever being able to do his misdemeanors before any damage is done. It protects the integrity of those files which the file owner desires to remain safe, while still allowing freedom where it is desired. It protects the ignorant from their own errors, and it protects others from a user's ignorance. And best of all, it _can_ be turned off if the protection is _not_ wanted. But many of the system level protections, such as file quotas, are in the domain of the group with authority which governs and protects the system. For an educational computer sans sensitive data, the 'group with authority over the system' need not be a small oligarchy resembling a totalitarian state. It could very well be a Bulletin Board program which allows the posting of proposals by users and the analysis of a popular majority rules vote. It could be an elected assembly, with terms of office and specific rights and prohibitions. It could be a single individual determined by the 'most creative use of the system as expressed in Assembly language.' The point is that this kind of computer environment can be governed by any type of organization, so long as the computer is put to effective and proper use as defined by the owner(s) of the computer. A completely free system without protections and without any authority would not serve this purpose. _Part_Three_ >So far the issue of security versus freedom on computer systems affects >mainly computer hackers. But, in the future, computer systems will play >a bigger and bigger role in everyone's life. And these systems will be >built on today's entrenched authoritarian tradition, unless we stop it. >The crackers are a warning sign of a problem that every American is >going to face--soon. Yes, this is at the same time wonderful and scary and sad. And also true. The difference here is that these computer systems _will_ be for the purpose of serving the people, and thus the people should have more of a say in how they will be used, and how they will be governed. The old days of Gripe Logs (public display of user complaints and the responses given by those in authority) will not suffice in these future days, and some provisions for user objections, public access and input towards policy, public 'trials' to determine guilt or innocence for misdemeanors, and a more sophisticated structure of organization with the checks and balances our own government is well known to have will need to be initiated and tested, and finally used in practice. Who knows, the organization which emerges from these public computers may well be used as the template with which new governments are formed in the 'Final Frontier', just as the corporate organization was used as a template for our own budding American government. If such becomes the case, it is my sincere hope that much forethought goes into the development of such a system. And in the interest of _preventing_ a flame war, which is much too violent a phrase, I pose the following question: What constitutes a secure and _just_ security system for a public service computer system (network?) which by definition has significant consequence over the lives of the people whom it serves? One thought that immediately comes to my mind is the old question of who will police the police? How much access should 'the police' have, and how can it be enforced? What system of input would effectively reflect the opinions and attitudes of the people served? How can a process analogous to a judicial system be executed? Can any computer system ever be physically secure, given the range of access needed (public to a large group of people spread over a large area)? I could go on and on and on and on ....... Any thoughts out there that may resemble answers? Matthew G. Hull CSU Information Systems New Britain, CT. 06050 BITNET: HULL@CTSTATEU ps. My apologies to any readers who may object to my generalization of the American government and Constitution as "ours." I mean no implicit criticism towards the government of any other country. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111518345301> From: gwyn@brl-smoke.arpa (Doug Gwyn ) 17-Nov-1987 02:14:53 To: misc-security@uunet.uu.net Subj: [572] Re: Internal setscrews >A certain proportion of the locks in a >large campus system will "default" to the control shear line during picking. Actually, if you're really into Best locks, you should make a special tension wrench that grabs onto the holes in the bottom of the plug sleeve corresponding to the control plug. This makes picking the control shear line fairly easy. Some Best locks use spool pins, but a competent lock picker can cope with that too. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111518394400> From: gwyn@brl-smoke.arpa (Doug Gwyn ) 17-Nov-1987 02:19:44 To: misc-security@uunet.uu.net Subj: [2306] Re: the KEY Discussions >One had no slots, per se. Instead, it essentially looked like a blank with a >number of dimples of differing sizes drilled on both sides of the blank. Sounds like the Sargent KESO system, which soon had some imitators. The blank cross-section is a squashed hexagon, with dimples milled into the flats at positions matching pins in the plug. There were three sets of pins (the key was reversible). All three had to line up their splits along the plug shear line before the plug would turn; otherwise it is just the ordinary Yale tumbler lock principle. The improved security was due to the restricted blank, the difficulty of duplicating or even producing a cut key, and the difficulty of picking three simultaneous shear lines. >In other words, instead of just making the cuts at an angle perpendicular >to the key, the cuts were offset at angles of 0, +5 and -5 from the >perpendicular. Sounds like the Medeco lock. Its pins have wedge bottoms instead of the usual cones; the wedges cause the pins to twist, and since the pins are offset from the center of the plug (if I recall correctly), they have to be properly twisted to align smoothly with the shear line. There are also some systems like this with grooved pins and even more elaborate mechanisms. Don't forget the "sidebar" locks used on current GM automobiles. There is also the Chicago "Ace" lock (with tubular key) often found on vending machines, and variations on that theme, including one with concentric nested pins. All these locks can be picked, with varying degrees of difficulty, by someone who understands their construction and general locksmithing principles, who has or can make the necessary tools, and who is willing to spend the practice time required. There is a common opinion that any lock involving mechanical principles activated by inserting some sort of key into a hole is in theory pickable. The most secure lock systems I know of that are in general use involve "card keys" and have computers that log lock activity. If you couple one of these with some form of personal validation (hand geometry or retinal scan), that's probably the best you're going to be able to do. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111608212600> From: ron@topaz.rutgers.edu (Ron Natalie) 17-Nov-1987 16:01:26 To: misc-security@RUTGERS.EDU Subj: [829] Re: master key security You wouldn't need to do anything as drastic as saber sawing to steal the lock. While you need a change key to remove the core, you can pull the whole cylinder if you have the door open without damaging anything. You then take it home and crack it open. If you don't have a key, you can open the door by some forcible means or you can just rip out the cylinder. There is a device called a K-tool that I have used exactly once. It is a piece of metal that slides over the cylinder. You place the end of a halligan bar into the slot on the K-tool and then hit the whole thing with a heavy object (the flat end of an ax works well). The lock comes out of the door in one easy motion. -Ron ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111611152300> From: gregm%csd4.milw.wisc.edu@csd1.milw.wisc.edu (Gregory Jerome Mumm) 17-Nov-1987 18:55:23 To: misc-security@uunet.uu.net Subj: [1085] Car alarms I am curious as to the operation of a normal auto alarm. I know that most of them use some sort of sensor ("black box") that I believe is installed between the battery and the rest of the car. My question: how does this "black box" work? When a door or trunk is opened is triggers this sensor and eventually causes the alarm to go off. I am thinking about building an alarm system when I get time and would appreciate any general advice and a possible circuit diagram of this misterious "block box". With current draining from the battery when a car is off (dashboard clocks, radio memory etc...) I don't see how a sensor could detect a change in this current. THANKS -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- ( From: gregm@csd4.milw.wisc.edu ) BITNET: gregm%csd4.milw.wisc.edu@wiscvm.bitnet {seismo|nike|ucbvax|harvard|rutgers!ihnp4}!uwvax!uwmcsd1!uwmcsd4!gregm ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111612295200> From: psw@wolfgang.arpa (Phil Wherry) 17-Nov-1987 20:09:52 To: LINNIG@eg.ti.com, security@RUTGERS.EDU Subj: [2253] Re: master key security I'm a student at the College of William and Mary, and I can say from more-or less first-hand experience that a college administration's reaction is to merely shrug their shoulders and cross their fingers in the wake of a fairly major breach of master key security. Quoting from our campus newspaper, "Richard Cumbee, chief of campus police, reports that a master key to the College is missing. The key was reported stolen November 5 some time between 10am and 1pm, from a key ring left on a Buildings and Grounds supervisor's desk. According to Cumbee, the key can open approximately 75 percent of the doors on campus. Police have a suspect in the case, and have issued a trespassing warning to the individual. Cumbee stated that police have 'no indication of a history of violence associated with this person.' Cumbee also said that, although the key is at this time not recovered, the police have taken several steps to ensure campus safety. The department is monitoring all reports to see if a master key might be involved. Additionally police notified certain areas of the College to keep on the lookout for suspicious behavior. Cumbee added that no locks will be changed at this point." I'm of the opinion that it's about time for the college to give serious thought to re-keying the locks involved. I know it's expensive, but I would think that the risks that they are taking by NOT re-keying the locks far outweigh any short-term expense involved. A question for those more well-versed in the design of a large-scale lock installation: am I correct in thinking that it would be within the realm of possibility for our locksmiths to re-do the master keying in such a way as to avoid the need to cut and issue new keys to residents (i.e. change ONLY the master keying)? Thanks for the information -- and I hope this tale was of some interest. If so, let me know and I'll keep the list updated on what happens. Phil Wherry, The College of William and Mary (student) bitnet: #pswher@wmmvs.bitnet arpanet: psw%wolfgang@gateway.mitre.org $$$$net: 804-220-9156, 804-253-5512 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111704024100> From: johnson%msuhep.hepnet@LBL.Gov (A Loopy Guy) 18-Nov-1987 11:42:41 To: SECURITY@RED.RUTGERS.EDU Subj: [1235] Home Locksmith Courses With all this talk of locksmithing on the net, I thought someone might have an opinion (uh-oh! I'm asking for it) on the worth of the so called 'home locksmith' courses that one sees advertised in magazines. I have been looking into replacing some locks for a small business I am associated with; granted this is not a difficult task in itself, however, this might be a legitimate excuse to learn something about a topic that I have always been interested in. I would rather not spend a great deal (I do not recall the cost) on a home course, unless I would actually get some sort of certification that would be respected (I don't know what that would be-- maybe certification by a National Association of Locksmiths, or something?). Also, if I go through on of these programs, will I be able to purchase equipment as a legitimate locksmith? I don't want to waste my time, I can do that without spending a lot of dough. If anyone has any experience with these courses, or if someone could recommend a better alternative I would appreciate it. Thanks in advance, John Johnson ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111715532500> From: ISA@ISEC-OA.ARPA 18-Nov-1987 23:33:25 To: SECURITY@RED.RUTGERS.EDU Subj: [509] AUDIT TRAIL SOFTWARE: HELP !!!!!!!! I'm looking for a piece of computer software which will allow me to capture all activity of a keyboard on a PC (MS/PC-DOS). It must be able to read the internal clock and create a file which can be hidden and date/time stamp the activity. Jim Vavrina Department of the Army Information Systems Software Center Security and Intell Division DDN:ISA@ISEC-OA.ARPA PHONE:703-664-3339 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111722433500> From: *Hobbit* 19-Nov-1987 06:23:35 To: security@RED.RUTGERS.EDU Subj: [628] mister pay phone If they know so much about this guy, why isnt he in the klink already? Pay phones generally use lever locks. These were invented ages ago, before the pin-tumbler, and are still in use on things like phones and safe deposit boxes. A properly constructed one is extremely difficult to defeat; there are numerous false or "confuser" notches built in, and very specialized tools are probably required. It would seem more likely that this guy knocked over a coin collector and stole his key ring. _H* ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111815185300> From: bzs@bu-cs.bu.edu (Barry Shein) 19-Nov-1987 22:58:53 To: security@red.rutgers.edu Subj: [2273] Student Lab Security and Preventing Trojan Horses I wonder about all these precautions to stop students from copying software. I agree that some common practice has to be established like making sure students understand that copying can be construed as a crime, collecting and signing out software (protecting the physical disks and manuals is obviously desireable) and all that. I just wonder what motivates people to spend lord knows how many hours writing magic encrypting loaders and things like that. Did the manufacturers ask you to do this sort of thing? Did you feel that it was the only way to protect yourself from some possible litigation? Did you seek legal consul from the University before investing all that time and trouble (I assume at the University's expense)? I realize it may have been worthwhile (in your eyes) just to prevent trojan horses, so don't take me wrong, I'm honestly curious. I suppose the real problem with these systems is that they don't have any rational file protection schemes, I've certainly never been tempted to go to such lengths on systems which did. I also wonder how much one can just say "hey, if the manufacturers cared about such things they'd do something about it, they can't ask me to subsidize their needs." Copy-protection is not an acceptable "something". For example, I was at a University level meeting with our Macintosh rep and this very subject came up. Someone in the room started going on and on about schemes to prevent copying. I interrupted and said (in a semi-official tone of voice) the University was more than willing to follow whatever guidelines Apple and/or the software vendors recommend to prevent such potential problems and manage these measures responsibly. But we refuse to show any *more* interest in the problem than the vendors do. If you can supply me with anything written discussing their position on such things I would be more than happy to study it. The apple rep basically nodded his head, I'm not sure because he agreed or just agreed that there was nothing more that could really be said (probably the latter), but it ended there. -Barry Shein, Boston University ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987111823283200> From: Michael Grant 20-Nov-1987 07:08:32 To: security@red.rutgers.edu, telecom@xx.lcs.mit.edu Subj: [574] Re: Picking locks on pay phones I once asked a phoneman emptying one of those safe-like phones about the security of them. He told me that they were alarmed, and that if you open one even with a key at the wrong time, telco will phone the police. I have never verified this though, nor hav I ever ripped open a phone and looked for sensors. Anyone out there had any experience with this? I'm also cc'ing this to telecom. -Mike ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112109063800> From: judice%unxa.DEC@decwrl.dec.com (Louis J. Judice) 22-Nov-1987 16:46:38 To: security@RUTGERS.EDU Subj: [1527] Why secure systems? >The resources are no longer terribly scarce but the "oligarchy" continues >in their ways. For example, on our large IBM a student account is >assigned about 1MB of disk storage (max.) He can of course try to ask >for more but the bureaucracy can be very discouraging. I don't think this is characteristic of "central computing facilities", merely poorly managed or under funded ones. A key to to any customer oriented business is to meet customer needs. >I notice that many of them have a lot of trouble with the fact >that they cannot produce accounting charges for ethernets. So they >find other ways to bang people over the head with the cable >(restrictions in gateway software, per-port charges etc.) I doubt that your central computing service is trying to put "port charges", etc. in place simply to extend their monopolistic rule over facilities. Since they probably have this funny thing called a "budget" to work within, the accountants most likely have forced them to find ways to equitabily charge out resource usage. I suspect that YOUR department head would have trouble if the comp center came to him/her and said, "oh, we're going to charge your department $40,000 for network usage which we cannot account for..." I don't think the issue is security in central environments. It's just poorly managed central environments that don't serve user needs! Lou ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112110312400> From: oster@dewey.soe.berkeley.edu (David Phillip Oster) 22-Nov-1987 18:11:24 To: misc-security@ucbvax.berkeley.edu Subj: [1880] Re: Student Lab Security and Preventing Trojan Horses Derek Andrew, U of Saskatchewan, described a scheme for protecting microcomputer software that uses a separate loader program, so the only image on disk is encrypted. Some commercially released Macintosh music programs were protected using this scheme. I recently recieved the source code for a desk accessory called FixJT (Fix Jump Table) that removes the copy protection from such programs. Here is how it works: Since the program must reside in memory in an unprotected form in order to run, and since desk accessories run in parallel, in the same memory space as applications, FixJt just writes out the in-memory image to disk in a form that the operating system can run directly. (It cycles through the Mac's table of executable segments, marking each one as writable, and writing it to disk. It also turns off the handling of clock interrupt tasks, so if the program set a watchdog to try to defeat FixJT, that watchdog won't get triggered.) Any application program that allows the running of desk accessories and is protected via an external encryption utility can be deprotected by such a scheme. The application must have direct copy protection code built-in, to discover the presence of some non-copiable resource frequently, and continually decrypt one portion of itself to use, and re-encrypt other portions of itself to hide them, so that at no time does a complete, decrypted copy of itself exist in memory, that a watcher desk accessory could just write out. --- David Phillip Oster --A Sun 3/50 makes a poor Macintosh II. Arpa: oster@dewey.soe.berkeley.edu --A Macintosh II makes a poor Sun 3/60. Uucp: {uwvax,decvax,ihnp4}!ucbvax!oster%dewey.soe.berkeley.edu ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112112043000> From: fine@gondor.psu.edu (Steve Fine) 22-Nov-1987 19:44:30 To: security@RUTGERS.EDU Subj: [844] Re: Picking locks on pay phones Brock Meeks (brock@pnet01.cts.COM) asked if it was true that only one person in the U.S. can pick the lock on a pay phone. I think the uniqueness claim is exagerated. I read an article (possibly in the Toledo Blade) in the past few years about someone who had been picking locks on pay phones in Ohio. I don't remember the details but I think the person had made a special set of tools that allowed him to pick the lock. Even with the special tools, the phone company claimed that it would take about 20 minutes to open the lock. -- Steve Fine Internet: fine@gondor.psu.edu BITNET: fine@psuvaxg ARPANET: fine%psuvaxg.bitnet@wiscvm.arpa UUCP: {allegra|ihnp4|akgua}!psuvax1!gondor!fine ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112114375500> From: mdf@gpu.utcs.toronto.edu (Matthew Francey) 22-Nov-1987 22:17:55 To: Subj: [485] Re: Student Lab Security and Preventing Trojan Horses > The loader must provide its own security by +++++++++++++ What prevents the student from copying the loader? What prevents the student from disassembling the loader to ascertain the encryption method (um... what method do you use? or is this newsgroup run on a Need To Know basis? :-) ) and/or keys? -- mdf ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112204341200> From: ejs%acorn@oak.lcs.mit.edu 23-Nov-1987 12:14:12 To: Bill Sommerfeld Subj: [807] [Re: Why secure systems? ] > [1] Multics AIM (the access isolation mechansim, a non-discretionary > access control system), is the only big wart -- it was designed to > prevent trojan horses from letting classified information escape, and > instead is probably a big waste of the users's time. It was also > kludged in after the original design. Although AIM was added to Multics after the initial design and implementation, it has undergone thorough penetration and functional testing by the DoD and is indeed in active use at at least one DoD installation. Multics has officially been certified at the "B2" level (which requires a mandatory access control (non-discretionary)). ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112204464300> From: Bill Sommerfeld 23-Nov-1987 12:26:43 To: ejs%acorn@oak.lcs.mit.edu, security@red.rutgers.edu Subj: [548] Re: Why secure systems? I did mean to imply that AIM caused Multics to be insecure. I meant that AIM probably causes Multics to be _unusable_, at least by people trying to cooperate on a project, and that it is overkill for the problem it tries to solve. It _is_ used on MIT-MULTICS to a certain degree, to keep the backup system from trying to back up a few bad spots on the disks.. - Bill ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112206025500> From: moss!ihlpf!bird@RUTGERS.EDU (Walters) 23-Nov-1987 13:42:55 To: security Subj: [943] Driveway Metel Detector I am very interested in obtaining the schematics for the circuitry that electronically detects cars at left turn lanes, etc. In addition, any building and/or installation tips would be much appreciated. I intend to use the circuit to detect cars pulling into my driveway. During the day it will sound an alarm so my wife will know someone is there. After dark it would also light a yard light for some period of time so as to provide visitors lighted access to the house. I am not interested in where I can buy commercial circuits unless they are implemented by burying wire in the street i.e. Brookstone sells a "tube" one buries in the driveway. The problem here is that the tube is not long enough to assure a car entering my wide driveway would pass over it. Joe Walters ihnp4!ihlpf!bird (312) 979-3091 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112209193300> From: murray@andromeda.rutgers.edu (Murray Karstadt) 23-Nov-1987 16:59:33 To: security@red.rutgers.edu Subj: [277] A little while ago someone mentioned Check-Point Security Systems ( to prevent the rip off of software) does anyone know where I get find these people murray ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112215140000> From: puff!kailhofe@RUTGERS.EDU (Andrew D. Kailhofer) 23-Nov-1987 22:54:00 To: misc-security@RUTGERS.EDU Subj: [1957] Re: master key security >What will the administration do if they find such a lock has >been removed by brute force (ie. saber sawing it out of the door)? >Surely this implies that the whole master keying system is >compromised. Ideally, they would rekey all the locks. Oh, how I know this problem. Within the last few weeks we've had three locks stolen from doors in our building, one with computers all over the place. A building that is also on a campus that has a pretty smart gang of computer theives on it. The locks were simply torn out (Sargeant locks). I spent days hiding equipment while we wait for a locksmith to install a few new (good) locks in a few rooms. If they don't get it done by the upcomming holiday, we're doomed. We know they are after a master, the locksmiths know they are after a master, and it makes me soooo mad! The security of my building is compromised, and my babies stand the risk of being gutted, from model A PC's right on up to a 3B15. I just hope that they leave the lock-down cables that will be chopped where they chop them so that we are only stuck with a $250 deductible forced entry replacement instead of a $1K deductable for non-forced entry theft (per item). Has anyone else out there had this problem? Can anyone else offer any suggestions? We already re-keyed once this decade, so the UW administration isn't likely to consider that as a viable option. Please, Boys! Help me save my wee bairns. Andrew D. Kailhofer |507 VanVleck Hall | This third left Systems Consultant |Madison, WI 53706 | blank for reasons UW-Madison Math Department |(608) 263-4189 | of national kailhofe@weaver.math.wisc.edu |I wrote it, it's _mine_!| security (spooks and ...!uwvax!vanvleck!kailhofe |Bansplaft! | all that stuff). ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112217455900> From: ssr@tumtum.cs.umd.edu (Dave Kucharczyk) 24-Nov-1987 01:25:59 To: security@red.rutgers.edu Subj: [1270] Payphone locks Regarding picking a payphone lock it is possible that this person has made a very special tool that would make it much more likely that one could pick a payphone lock. Payphone locks use a 9 or ten lever, lever lock. The levers are very thin and close together to make picking difficult and also have a ratchet that catches the lever if it is raised too high during picking. One could make a tension wrench that also allows the resetting of the ratchet, like when a key is inserted but you would have to have a lock from a payphone in the first place. Then one would need a special tool to throw the bolt on the coin box cover, but that is a relatively simple item compared to the tension wrench for the lock. By the way the coin box is a removable sealed box that has a special seal on it. When the coin collector comes around he pulls the full box out which closes itself as it is extracted from the actual payphone housing. He then inserts a empty and open box back into the housing which then primes it so that upon removal it seals itself untill it is reset, which can only be done by breaking the seal on the box. ssr ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112310451700> From: len@csd4.milw.wisc.edu (Leonard P Levine) 24-Nov-1987 18:25:17 To: misc-security@uunet.uu.net Subj: [1182] Re: master key security >It must be very expensive to rekey all the locks on a campus. It is. Here at UWM when the college rekeyed one building with 80 faculty offices and some 40 labs, the cost was of the order of $25,000. The problem with master keys being lower than the sub masters deals with the way the keys are installed by the locksmith. S/he "builds" the keyset by inserting a master key in the lock cylinder and adding slugs for the local and submaster set, finally adding the slugs needed to make the master. The cylinder then is flat across the top and may be inserted into the stationary door part. If the master was higher than the submaster, the locksmith would have to make several keys for the building of the cylinders. Lethargy rules, the master is low and easy to make from any submaster. An even easier way to bust the system is to take the keys, usually marked "do not duplicate" to a shop for duplication, after taping over the above marks with a legend such as "elevator" or "garage". Most shops will gladly duplicate such a key. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112318494200> From: jslove%starch.DEC@decwrl.dec.com (J. Spencer Love) 25-Nov-1987 02:29:42 To: security@Red.Rutgers.Edu, JSLOVE@decwrl.dec.com Subj: [3417] Re: Internal setscrews The "from the inside" setscrews don't protect padlocks, which are by far the most vulnerable locks in most Best and Falcon systems. As many bicycle owners know, cutters which can remove a padlock from a hasp are too easy to come by, and the words "hardened steel" are essentially irrelevant. One way to deal with this problem is to use a separate control key and mastering system for padlocks and other unsupervised areas. The control key is implemented as a sleeve around the plug, where the plug is the part of the lock which rotates when the lock is normally operated. This sleeve is about 1/8" thick for the part which faces opposing circle of the figure 8 profile of a Best lock, and includes the tooth which holds the core into the lock. This describes a bit more than 60 degrees of the sleeve, the other 300 degrees are also present, but the metal is much thinner, and thus less noticeable. The sleeve along the bottom of the keyway typically has five or six small holes (one under each pin), which may be intended for use by the locksmith when assembling or rekeying a core. These small holes permit making a specialized wrench to apply torque to the sleeve without applying torque to the plug. Such a tool makes it relatively easy to pick the sleeve, thus removing the core. The core operates in only one direction, turning about 20 degrees, since the tooth must withdraw into empty space within the core. The Best locks are well made, so it is easy to disassemble and reassemble them. Penetrating such a system can be done without property damage. If the system stamps a code on each lock and key, it is often possible to derive the whole system by examining two or three keys and a single lock. This could be made more difficult by assigning the codes non-sequentially, but the systems which I have seen didn't do this. The Best locks that I have seen have 5, 6 or 7 pins, each of which has 10 possible stopping points 1/80" apart. Because the thinnest master pin is 1/40" thick (to keep from turning sideways), only the even or odd numbered stops are used by any given pin (but the control key can violate this). With one stop reserved for the grand master, 4 stops per pin are available for pass keys. The master key has at least one cut which has more metal than any pass key, so that griding the keys down never can produce a master key. When submasters are provided, the grand master can't be made from any submaster, and so on. However, metal can be added to a key using silver solder, which can easily be filed down and has a reasonable lifetime (regular solder is too soft, so the lifetime would be only a few uses). The solder makes the key rather conspicuous when the campus cop asks to see your key ring, though. I think you would need acid-core solder; it's been a while. The usual disclaimer applies: don't try this at home, it's illegal. Knowing how to pick locks is only illegal if you exercise the skill on someone else's lock, but there are places were possession of the tools without a license (a locksmith's bond, or some such) is a felony. It can be a very useful skill in emergencies where forgiveness is easier to obtain than permission; every boy scout should have a locksmithing merit badge. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112403585800> From: Fred Blonder 25-Nov-1987 11:38:58 To: dnichols%ti-csl%csnet-relay.CSNET@RELAY.CS.NET Subj: [520] Re: Home security ... I have two young children and a cat and small dog which make a motion detector pretty unusable. Not necessarily true. The infra-red motion detectors can be adjusted to ignore reasonably small house pets. As for the kids: just use the system when there're no humans home. ---- Fred Blonder (301) 454-7690 seismo!mimsy!fred Fred@Mimsy.umd.edu ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112407020300> From: Larry Hunter 25-Nov-1987 14:42:03 To: MCGUIRE%GRIN2.BITNET@YALE.ARPA Subj: [3484] RE: Bumper Beepers. And by the way, US Citizens have no reasonable expectation of privacy regarding movements tracked in public, said the Supreme Court in 1983: US v. Knotts, 103 S. Ct. 1081 (1983). However, I imagine that installing a beeper on someone else's car without their knowledge or permission is trespassing at the very least. That's an interesting question! US v. Knotts was a case in which the police attached a bumper beeper to a car and followed it. It was held that there was no violation of the 4th amendment because there is no reasonable expectation of privacy of movements in public. There was a case decided shortly thereafter where a beeper was placed inside a package (containing drugs, I believe) and the police followed the package and then traced its location inside the suspect's home. That search was overturned because the suspect did have a reasonable expectation of privacy inside his home: US v. Karo 104 S. Ct. 3296 (1984) "Montoring of a beeper to trail a container into a house and... keep[ing] in touch with it inside the house... did violate the 4th amendment." Now as to leaving a bumper beeper on someone else's car: There are things that the police can do that others can't, but I don't think trailing cars with gadgets is one of them. I'd guess that it is legal for anyone to use a bumper beeper for trailing a car in public. It's hard to imagine a criminal charge coming out of trailing a car. Trespass isn't appropriate since there is no entering the car, and assuming the beeper was placed when the car was parked on a city street and not in the guy's garage, there's no real property trespass either. If someone gets mud on your bumper he hasn't trespassed -- likewise if he puts a gadget there. You're not monitoring communication, so none of the wiretapping laws would help. Since there is no reasonable expectation of privacy as to movements, you're not violating the target's civil rights, either. There might be a shot at a vandalism charge, but he'd have to show that the beeper damaged the car in some way. Damages might arise from the result of being trailed and maybe the beeper could be worked into a civil suit -- juries probably wouldn't like the idea of following someone by bumper beeper too much and might think the follower was a bad guy, but then again it might not be treated as relevant evidence; it probably depends on the skill of the lawyers involved. I'm not a lawyer, so I wouldn't take this as the last word, but I am pretty familiar with the laws about privacy in the US and it seems to me that putting a bumper beeper on and following someone's car is completely legal. I think this is wrong, but that doesn't make it illegal. It is probably not the case that you could put a similar device on the person or some other possession of his, because if you "keep in touch with" it (what ever that means) while he is inside his house, you have violated his civil rights. Your car is not a domain where you have much in the way of privacy rights. Note: It is probably the case that you are abandoning the beeper when you put it on the car, so if the target finds the beeper it's his to do with as he pleases (I'd put it on a truck heading someplace remote and see who follows...) Larry ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112417343600> From: Fred Blonder 26-Nov-1987 01:14:36 To: awalker@red.rutgers.edu Subj: [1484] Re: mister pay phone From: *Hobbit* Pay phones generally use lever locks. These were invented ages ago, before the pin-tumbler . . . How many ages ago? The pin tumbler lock was invented by (surprise) the ancient Egyptians. True, their keys were a bit large by modern standards (they were hung from the owner's belt.) but the principle was exactly the same. ---- Fred Blonder (301) 454-7690 seismo!mimsy!fred Fred@Mimsy.umd.edu [I stand somewhat corrected. However, the principle wasn't *exactly* the same -- the pins in the lock were only the top halves, and the pegs on the wooden key formed the lower halves when the key was pushed up into the slot. The security was based mostly on the *positioning* of the holes. Related to this, Larry then asks:] From: Larry Hunter Subject: Re: mister pay phone A properly constructed [lever lock] is extremely difficult to defeat... That's interesting! How come I use a pin-tumlber on my door at home? If these things are so good, how come they are not in wider use? Larry [HellifIknow. Perhaps they don't wear as well due to stronger springs, or get jammed more easily if left outside. This *is* an interesting question. I have no theories offhand -- anyone else? _H*] ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112607572800> From: ejs%acorn@oak.lcs.mit.edu 27-Nov-1987 15:37:28 To: Bill Sommerfeld Subj: [2454] [Re: [Re: Why secure systems? ]] > I did mean to imply that AIM caused Multics to be insecure. I assume you mean "didn't" above, right? > I meant that AIM probably causes Multics to be _unusable_, at least by > people trying to cooperate on a project, and that it is overkill for > the problem it tries to solve. I used AIM at the Pentagon for 4 years. Indeed in some circumstances it was cumbersome, but effective. Typically, a project is associated with one security classification, and one can "log in" at one level to work on it. The real problems come when one is logged in, say, at the Top Secret level, and wants to modify a file at the Secret level. If he copies the file from the Secret (directory) hierarchy to the Top Secret hierarchy, the system treats the data as Top Secret and a security officer must intervene to downgrade it at a later time. His only real alternative is to create a new process at the lower authorization. Yes, this is a pain, but I don't see many other alternatives. But I don't agree that AIM renders the system unsuable -- at least not in an environment where mandarory access control levels (like the military or government) are in place. In private industry, perhaps, AIM is overkill. AIM is also a real pain when such per-use databases such as profiles, init files, and mailboxes are concerned. The former two must be maintained at the lower classification/authorization level and modified only at the level -- a burden for most. Mailboxes on Multics, being multi-level, force the user to log in at the highest authorization to read all the messages, but prevent him from deleting old messages at any level but the level at which the message was sent (or destined). This is also an inconvenience. > It _is_ used on MIT-MULTICS to a certain degree, to keep the backup > system from trying to back up a few bad spots on the disks.. That is certainly a bizarre use of AIM and one which makes my stomach turn (having worked on the Multics security effort at Honeywell for some time). There are, however, other Multics sites using AIM, including some in the university environment, where grade protection was considered a suitable need for AIM. Take care. -- Eric PS: I no longer subscribe to the security mailing list, so any reply mail should be cc'ed to me, directly. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112702222700> From: judice%unxa.DEC@decwrl.dec.com (Louis J. Judice) 28-Nov-1987 10:02:27 To: security@RUTGERS.EDU Subj: [1407] re: why secure systems? >The resources are no longer terribly scarce but the >"oligarchy" continues in their ways. For example, on our large IBM a >student account is assigned about 1MB of disk storage (max.) He can >of course try to ask for more but the bureaucracy can be very discouraging. I don't think this is characteristic of "central computing facilities", merely poorly managed or under funded ones. A key to to any customer oriented business is to meet customer needs. >So they find other ways to bang people over the head with the cable >(restrictions in gateway software, per-port charges etc.) I doubt that your central computing service is trying to put "port charges", etc. in place simply to extend their monopolistic rule over facilities. Since they probably have this funny thing called a "budget" to work within, the accountants most likely have forced them to find ways to equitabily charge out resource usage. I suspect that YOUR department head would have trouble if the comp center came to him/her and said, "oh, we're going to charge your department $40,000 for network usage which we cannot account for..." I don't think the issue is security in central environments. It's just poorly managed central environments that don't serve user needs! Lou ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112905182000> From: Larry Hunter 30-Nov-1987 12:58:20 To: Jonathan Harris Subj: [6042] Re: SSN In reply to the few examples people brought up of how someone can destroy you with a knowledge of your SSN: (1) The activities--getting the false drivers license, using it to obtain information about you, etc... are all serious criminal offenses. The abuser would cause you some hassles, which you would eventually clear up, and eventually find himself in jail with felonies on his record, drunk driving, etc.... This is a bit naive. First, although using false identification is a crime, it is not a serious one in most states. Using false information to obtain a credit card is also a crime, although again, credit card fraud is not a high priority for most police departments. Winning a civil suit is always possible in the case of fraud, but it would be difficult and expensive for a victim to track down and prosecute the perpetrator. Second, the idea that all this might cause the victim "some hassles, which you would eventually clear up" is simply wrong. People can get badly hurt by this stuff. Here's a recent court case that should frighten you: A Federal Judge in Los Angeles has confirmed a Michigan man's account of his three year nightmare of police arrests based on an error in the FBI's computer. The judge has ordered the police department that originated the error to pay the man damages. The nightmare of Terry Rogan of Saginaw begin in 1981, when an escapee from an Alabama prison received a copy of Rogan's birth certificate from a mutual acquaintance. The escapee assumed Rogan's identity and obtained a California driver's license in Rogan's name. The man was eventually arrested in LA on suspicion of murder. The suspect was released, but LA police later issued a murder arrest warrant in the name of Terry Rogan. Omitted from the warrant, however, were the suspects known physical characteristics, including a tattoo. If Terry Rogan, back home in Michigan, were the sort of fellow who never has a confrontation with the police, the erroneous warrant probably would have done him no harm. But Terry Rogan is black. Black males in urban areas have a probability of being arrested far greater than that of any other segment of the population. In 1982, Rogan was accused of trespassing by police in Saginaw county. He was then arrested on charges of resisting arrest. In accord with ususal policy, police queried the FBI's National Crime Information Center under Rogan's name. They got back a "hit," the California warrant in Rogan's name. The NCIC entry had no other identifying information even though, according to the court, the system permits up to 121 characters to be entered for this purpose. After comparing fingerprints and discovering from LA that the wanted man had a tattoo and that Rogan did not, police released him -- four days later. But within a few weeks, LA police reentered the Rogan name into NCIC. Within six months Rogan was stopped near his home for failing to use a turn signal. Officers ran a computer check on him, and again the murder warrant showed up. Rogan was searched, handcuffed at gunpoint and then arrested. Rogain was arrested again, this time for a traffic offense, and was again detained until the LA arrest warrant was explained. Rogan then asked an FBI agent in Saginaw to correct the entry; he was told to go to Los Angeles to do it himself. He was also told to write his Congressman. In July 1983 Rogan travelled to Texas to find work; there he was stopped for speeding. Again, because of the NCIC "hit," he was handcuffed at gunpoint and taken to jail. At about this time, LA police again reentered the warrant into NCIC. Not surprisingly, in January 1984, Rogan was again apprehended at gunpoint, this time for driving without his headlights on, back home in Saginaw. By then local police officers knew all about the unfortunate Terry Rogan. He was promptly released. But no one would make the effort to correct the FBI entry. It took a reporter from the "Saginaw News" to initiate the erasure process. The NCIC record was deleted, and the felon in Alabama was eventually convicted of the LA homicide. The LA police department gave officers operating their end of the NCIC system no training in how to delete or amend data once they had entered it into the system, according to US District Judge Robert J. Kelleher. Neither of the two officers involved thought about amending the NCIC record after they were notified of Rogan's mistaken identity.. One officer's policy in these situations, the court said, "was to give the innocent person a computer printout of the warrant and his business card as evidence of the person's innocence ONLY IF the person came to Los Angeles and picked up the items personally." ... The court found the City of Los Angeles liable for damages to Rogan, calling its conduct "both grossly negligent and systemic in nature" in depriving Rogan of his constitutional right to be free of faulty warrants. Rogan v. Los Angeles 85-0989 (CD Cal, 20 July 1987) [The preceding is quoted, with permission, from the Privacy Journal, an excellent publication available for $98/year from Box 15300 Washington DC 20003.] Notice that all that trouble arose merely over use of the name. With a social security number, it is possible that credit records could also become involved. Victims of this kind of activity are badly hurt -- no doubt about it. If instead of a police mistake, it had been the actions of an private individual that had caused the trouble, the chances of compensation would be remote. Compared to having a car vandalized, being repeatedly arrested at gunpoint, spending days in jail (very unpleasant!), loss of credit rating, etc. seem much more serious. Never underestimate the power of those 9 digits. Larry ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112907385900> From: Jonathan Harris 30-Nov-1987 15:18:59 To: hunter-larry@YALE.ARPA Subj: [2648] Re: SSN Larry, "A bit naive" may be accurate if you want to spend your life worrying about getting hit by meteors and all sorts of other remote problems. Although not as serious as murder, credit card fraud and obtaining a false id will cause the perpetrator various serious trouble. I am pretty sure in the example listed, the crimes are felonies, although not extremely serious ones. Once convicted the guilty party will have a very difficult time obtaining any job where any degree of trust is involved, especially with the increase in the usage of background checks, etc. Of course there are people so messed up that they don't care about this kind of thing, as in the case you mentioned where the original perpetrator was a prison escapee. Injustice has happened before there were computers and widespread usage of SSN's. I am sure that we will still have to continuing fighting these cases as long as there is civilization. However the possibility of the kind of hassle mentioned in the article to which I replied is probably less than that of being hit by a car, robbed at gunpoint, or harrassed in a more "traditional" manner. It is rather pointless to end up with high blood pressure, heart disease, depression, and lost productivity because you spend half of your life fighting the phone companies or someone elses usage of your SSN or any other number. In response to your closing statement about having your credit rating trashed is worse than having your car vandalized. That is true if you have your car vandalized only once and collect the insurance. There are plenty of cases of peoples lives being made miserable by repeated harassment, firebombings, beatings, etc... Frankly I would much rather be suing TRW to get my credit rating restored than visiting a close family member in the hospital or worse the morgue. I know of people who have been forced out of their homes and killed or wounded as a result of "non-computer" harassment. --Jonathan --------------------------------------------------------------------- Jonathan G. Harris Bitnet addresses: jghha8r@uchimvs1 The James Franck Institute harris%go-han@uchicago The University of Chicago arpanet: harris@go-han.uchicago.edu 5640 S. Ellis Avenue alternate: harris@oddjob.uchicago.edu Chicago, Illinois 60637 ...!oddjob!go-han!harris (312)702-7234 numerical harris@128.135.4.20 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987112912113700> From: brad@sun.com (Brad Taylor) 30-Nov-1987 19:51:37 To: misc-security@uunet.uu.net Subj: [1285] Re: something of some interest, subject: breaking DES Just a correction, in case people get the wrong idea: > the reason i mentioned it to van was that sun has now done two talks > at meetings about their security on the network that is based on > des using the diffie hellman key exchange in exactly the field > that we broke. both times the talk was given by the programmer > who is implementing it not the mathematician who decided what to > be implemented. i pointed them again to the papers on it; hope > a number theorist there actually reads them. The system Sun is using is NOT, I repeat IS NOT, the same one that Evi broke. The system evi broke is based upon the field GF(2^127). However, our system is based instead on the integers mod M, where M is a 128 bit prime number. In fact, in her paper, Evi even admits that logarithms in the field of integers mod M is intractible. I have given evi a challenge, and so far I have heard nothing. Here is the challenge for anyone else who cares to give it a whirl: P = (2^S) % M P = 962493b2991f6639a5f249aec8fc64e3 M = b520985fb31fcaf75036701e37d8b857 (hex) Find S. -brad ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987113005344500> From: marauder@tc.fluke.com (Bill Landsborough) 1-Dec-1987 13:14:45 To: uw-beaver!misc-security@beaver.cs.washington.edu Subj: [1279] Re: Picking locks on pay phones When I was a pay phone coin collector in the early-sixtys in Bakersfield CA there was a man/woman team that was hitting the Kern Co. area pretty hard and they made my work pretty hectic. The way they would do it was they would both go into the phone booth and the woman would hold a newspaper up like they were calling want ads. The man would pick the lock with very sophisoticated tools and then "scrape" the bolt down to open the lock. Pacific Telephone invented a new C version lock that was "unpickable" but this guy was successful in picking at least one C version that I remember. I came into a bar one morning only to have missed him by less than 10 minutes. When I opened up the door for the coin box there was no coin box and there was no money laying in the bottom of the phone housing. I asked the bartender who was the last person to use the phone and he described the couple to me. Sometimes he got ~$120....sometimes $.30. We never caught him while I was there to 1964. Bill Landsborough -- "Answer a fool according to his folly, or he will be wise in his own eyes." Proverbs 26:4 ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987113023011400> From: mimsy!cvl!decuac!uccba!ncoast!smith@RUTGERS.EDU (Phil Smith) 2-Dec-1987 06:41:14 To: moss!cbosgd!misc-security@rutgers.EDU Subj: [634] Re: mister pay phone > It would seem more likely that this guy knocked > over a coin collector and stole his key ring. It would not do him a great deal of good to have stolen keys from a coin collector. The coin box locks are all keyed differently. True you will eventually find duplicates I would think, but not enough for the amount of phones he has supposedly hit. -- decvax!mandrill!ncoast!smith ncoast!smith@cwru.csnet (ncoast!smith%cwru.csnet@csnet-relay.ARPA) ----MESSAGE-END----