University of Bielefeld -  Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
Back to Abstracts of References and Incidents Back to Root
This page was copied from: http://catless.ncl.ac.uk/Risks/11.82.html


Previous Issue Index Next Issue Info Searching Submit Article

The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11, Issue 82

Tuesday 4 June 1991

Contents

o Risks of open anonymous ftp
Pete Cottrell
o Magellan spacecraft performance; followup
Randall Davis
o Lauda Air Boeing 767 Aircraft crash
Hermann Kopetz
Richard Shapiro
Joe Morris
Steven Philipson
Jeremy Grodberg
o RISKS of posting humor to the net
Phil R. Karn
o Digital Fingerprints in California
Mike Caplinger
o CPSR Review of FBI Net Surveillance
David Sobel
o Computers and Academic Freedom Groups Now at EFF.ORG
Jim Horning
---------------------------------------------

risks of open anonymous ftp

Pete Cottrell < pete@cs.UMD.EDU >
Tue, 4 Jun 91 17:50:01 -0400
     
     	I have discovered some risks of having an open anonymous FTP
     environment on your machine. By 'open', I mean that there are one or more
     writable directories available for people using anonymous FTP into which files
     can be uploaded. This arrangement is popular on several of our professors'
     workstations, as it allows them to exchange files and papers with colleagues at
     other sites. It is particularly nice for dvi or binary files, which can't be
     sent directly via e-mail. Occasionally, we have seen a file called
     MAKE_MONEY_EASY or something similar advertising some get-rich-quick pyramid
     scheme that someone uploads. This hasn't been a problem in the past, but it has
     become one when escalated by an order of magnitude or two.
     	Some background first: the USENET newsgroup alt.sex.pictures is used to
     distribute what are usually called X- or R-rated pictures. These pictures are
     uuencoded files, usually in the GIF format, sometimes in others. Because of the
     size of the pictures, a individual pictures is broken down into parts, usually
     3 or 4, but sometimes up to 20. A fully assembled and decoded picture is
     sometimes as small as 25 or 30K, but is typically 150-250K and may be even
     larger. Monthly posted reports of USENET traffic flow show that this newsgroup
     is consistently among the leaders in terms of quantity of megabytes of traffic.
     	Many sites refuse to carry or forward this newsgroup. For some, it is
     simply a question of traffic; they don't want to double or triple their phone
     and modems costs to transmit the group. For others, it is a matter of the
     material itself. More than one group has been forced to shut down the group
     under orders from superiors, often under political pressure.
     	To make up for the lack of availability of the newsgroup, and also for
     the limited bandwidth it provides even if available, seekers of the GIF files
     look for ftp sites. A good site can have many pictures available, and the ftper
     can grab many megabytes of files at once. Several of these have been found in
     the past, but what typically happens is that someone will announce the location
     of such a site, at which point the poor machine is swamped with anonymous ftp
     sessions and traffic, forcing the administrators of the machine to turn off
     anonymous ftp. As a consequence, the source of ftp sites is few.
     	So, another tack must be taken and it is this: find a site that has a
     writable anonymous ftp directory, create gif directories, and ftp away.
     Requests and questions are communicated by creating files whose name is the
     request/question itself, like this:
     
     	-rw-r--r-- 1 ftp 1 May 23 18:57 more-asian-gifs-PLEASE
     
     		or
     
     	1 -rw-rw-rw- 1 ftp 1 May 23 14:21 00-Otherwise-this-site-wo
     uld-be-shut-down-soon
             1 -rw-rw-rw- 1 ftp 1 May 23 14:21 00+Please-do-you-file-tra
     nsfer-at-non-prime-time.---7pm-6am.eastern-time
     
     Announcement of new sites is handled in a similar fashion:
     
     	-rw-r--r-- 1 ftp 1 May 22 00:16 I-saw-somebody-suggesting-t
     o-switch-to-xxxxx.yyy.zzz
     	
     	People upload and download to their hearts conten<t. Everyone is
     happy....except for perhaps the unknowing users of the machine and the network
     it is on.
     	This has been happening on my machines the last few weeks. When we
     first discovered it several weeks ago, I quickly hacked logging into the FTP
     server and saw connections from Canada, Australia, England, Israel, France,
     Italy, Switzerland, Denmark, Germany, Austria, Sweden, Norway, Finland and of
     course from the US, all within a single 24 hour period.  I had to shut it down
     at the time, but I started watching my other hosts, and sure enough, it started
     again. I began watching intently for a couple of days and was able to determine
     who some of the people who were doing this were. I watched one person create
     and 'seed' two new sites by uploading a small collection of files to others to
     grab. Within hours, these sites had been advertised to others and were being
     used.
     	This activity get clog a machine and a network. I have seen people
     upload 10MB of pictures to my machines at once, and then have seen anywhere
     from 5 to 8 people grabbing them at the same time. People write scripts to log
     in every 15 minutes and check for new files automatically; sometimes these
     continued to run even after I had shut down the site.
     	One way to protect yourself is to make a directory writable, but not
     readable. This way, people can upload files, but fetching them is more
     difficult, since you can't know what the names are. However, I think that that
     would be of limited use in this case, since people can put a list of what
     they've uploaded to a machine on another site. Then, others can use that list
     to retrieve what they want from the repository. The scheme also curtails the
     legitimate use of a writable area.
     	I see several risks. First, your site can become severely clogged,
     often without your having any idea of what is going on. This makes it harder to
     fix; we found out about it because we *were* having network problems and just
     happened to notice a lof of network activity to a particular machine. A quick
     'ps' soon pointed out the problem. However, I believe that many sites are less
     sophisticated and will be less able to pick up on this.
     	Second, this activity affects legitimate use of the anonymous ftp
     facility. Sharing and convenience suffer because of it.
     	Third, shutting it down and then confronting the abusers in a public
     forum (newsgroup alt.sex.pictures.d) can attract attention to your site and may
     spur people into more diligent efforts to 'pay you back' for spoiling their
     fun. While I received some supportive responses, I also received a few telling
     me what I could do with myself. Curiously enough, I also got a few requests for
     the addresses of the other sites I had discovered being victimized.
     	Check your systems, you might be suffering from network parasitic
     terrorism.
                         		Pete
     
     
---------------------------------------------

Magellan spacecraft performance; followup

Randall Davis < davis@ai.mit.edu >
Tue, 4 Jun 91 19:33:00 edt
     
     The Magellan craft doing radar mapping Venus had several failures early in the
     mission, including one 32-hour outage, as noted in some previous Risks
     postings.
     
     This update on subsequent performance is extracted from a 2 page article in
     appeared in Aviation Week of 20 May:
     
      The Magellan spacecraft successfully completed the first cycle of Venus
      mapping on May 15, producing more data than required despite occasional
      spacecraft glitches...
     
      A second cycle of mapping was started May 16 to cover most of the surface
      that was not mapped on the first cycle, with emphasis on south polar regions
      that have not been seen before.
     
      Ambitious plans for future use of the spacecraft are being formulated,
      including using aerobraking to circularize the orbit...
     
      Magellan's basic mission was to radar map at least 70% of Venus' surface and
      83.7% had been covered as of May 15.  The Martin Marietta spacecraft has done
      a ``great job'' and the Magellan radar, built by Huges has been ``flawless,
      beautiful,'' said A. J. Spear, Magellan project manager at JPL.
     
     
---------------------------------------------

Lauda Air Boeing 767 Aircraft crash

Hermann Kopetz < hk@vmars.tuwien.ac.at >
Tue, 4 Jun 91 10:37:28 +0200
     
     Nearly all major newspapers in Austria had the main headline on Monday along
     the following topic:
     
     Computer failure causes Boeing 767 airplane crash
     
     Niki Lauda, the owner of Lauda Air (and former grand prix champion) gave the
     following explanation in a televised press conference in Vienna on Sunday at
     1:00 p.m.  (I watched it.):
     
     Both the voice recorder and the data recorder have been recovered after last
     Sunday's crash of the 767 near Bangkok. The data recorder was unreadable
     because it did not withstand the crash.  After an analysis of the voice
     recorder the following sequence of events has been established:
     
     Sunday, May 26, 23:05 Bangkok time: The plane, coming from Hongkong took off
     from Bangkok airport. Everything was normal, the plane has climbed to 7000 m
     and was still climbing further.
     
     23:16 An advisory warning light (lowest of three criticality degrees) started
     to blink intermittently. The copilot referred to the checklist which read
     (about): Another failure can cause the deployment of the thrust reversal. Expect
     normal operation of thrust reversal after landing. No immediate action to be
     taken.
     
     23:18 The voice of copilot Turner: "It deployed" (i.e. the thrust reversal was
     activated while the plane was still climbing with high engine power).  A few
     moments later one can hear an acoustic warning signal on the tape indicating
     that the forces on the plane are critical.  Two seconds later the voice
     recorder stops, because the plane crashed.
     
     I have been asked by newspapers to comment on the suspected computer failure
     but do not have any further information.  Do you have access to any further
     information about the B 767, in particular:
     
      * Do they use single or multiversion software?
     
      * How is it possible that a dangerous state, which has been indicated,
        does not require any action?  (Consider this happened in the first
        fifteen minutes of a 10 hour flight!)
     
     Looking forward to some more information
     
     Hermann --Tel 43 1 588018180--FAX 43 1 569149 -- ++++++ PLEASE NOTE THE CHANGE
     IN THE E-MAIL ADDRESS ++++++
     
       [An anonymous commenter sent in this: "Speculation is now increasing that
       the thrust reversal deployment, while the system was under computer control,
       was part of the problem.  I just spoke to my Airline Pilot Association friend
       who does all the interviews after such events, and he tells me that there is
       a mechanical system that is supposed to prevent the reversers from deploying
       until the plane is on the ground, but he says that they do break down and
       such a failure would allow a computer malfunction to deploy the reversers.
       He also says that contrary to what Boeing is saying, it can be VERY hard to
       avoid having a plane tear apart if the reversers deploy while the plane is in
       a high power situation (e.g.  climbing--as was this plane).  Note that the
       767-300 is NOT a "fly by wire" plane in the sense the new Airbuses are, but
       that the engines are normally under computer control with no direct
       mechanical connection with the pilots."  There is some redundancy in the
       following messages, and in the preceding ones, but I think that the subject
       is potentially too complex for me to try to do an accurate and careful
       differential reading and analysis, in the absence of more definitude.  PGN]
     
     

Reply to rmoonen concerning "the wings ripping off"

richard shapiro < shapiro@Think.COM >
Mon, 3 Jun 91 12:19:42 EDT
     
     No, thrust reversal in mid-flight wouldn't rip off the wing. It would have some
     potentially unpleasant control consequences, by introducing a very large yaw
     moment, but reverse thrust is far less efficient than forward thrust.  Also, I
     understand that as part of the flight certification of an airplane, it must be
     able to fly with one engine at full reverse thrust.  I don't know what might
     happen if the thrust reverser activated at low altitude, where there isn't a
     lot of time to recover, but the plane should hold together until it hits the
     ground.
     
     

Re: Lauda air plane crash (Moonen, RISKS-11.78)

Joe Morris < jcmorris@mwunix.mitre.org >
Mon, 03 Jun 91 12:57:23 EDT
     
     Extracted from this morning's _Washington_Post_ (3 June 91) p. A11:
     
         "What happened in the plane is that the thrust reverser, for whatever
       reason, was deployed in the air," Lauda told a news conference upon
       returning to Vienna from Washington, where U.S. authorities are examining
       equipment retrieved from the wreck.  His conclusions were echoed in a
       statement by Austrian Transport Minister Rudolf Streicher, who said a
       computer error may have activated the thrust reverser.
           [...]
         However, a spokesman for the Seattle-based Boeing Co. said a 767
       should be able to continue flying even if the situation described by
       Lauda occurred.  The Federal Aviation Administration will not certify
       any jet aircraft to fly unless it passes an in-flight test in which
       a thrust reverser is deployed at full power.
           [...]
         Some U.S. sources close to the investigation expressed irritation
       at the flow of statements from both Thailand and Austria as the
       investigation of the crash continues.  In any crash, they noted, an
       agency can determine a final cause only after months of painstaking
       investigation.
     
         The sources, who asked not to be identified, did not rule out the
       possibility that the thrust reverser may have malfunctioned.  However,
       Boeing spokeswoman Elizabeth Reese said that owners of the more than
       350 767's now flying had never reported any thrust reverser problems.
           [...]
         To receive FAA certification, each type of aircraft produced [in]
       the United States must have a thrust reverser deployed at full power
       in flight.  The pilot must be able to control the plane using
       normal procedures.
     
     Joe Morris
     
     

Re: RISKS DIGEST 11.78

Steven Philipson < stevenp@kodak.pa.dec.com >
Mon, 3 Jun 91 12:40:05 -0700
     
     Re: In-flight engine reversal as reported in _The Times_ (London), Monday
        June 3rd 1991.
     
     > [...] If the diagnosis were confirmed, the accident would
     > be unprecedented, Herr Lauda said.
     
        A crash of a 767 is unprecedented.  In-flight thrust reversal leading to an
     accident is not -- there is a long history of accidents from both intentional
     and unintentional in-flight reversing, for both jet and propeller driven
     aircraft.
     
     >rmoonen@hvlpa.att.com (Ralph 'Hairy' Moonen) writes;
     
     >And certainly, wouldn't a mid-air reversal of thrust just rip
     >off the wing, leaving the plane to plummet down totally out of control?
     
        No, it would not.  The engine would depart the aircraft well before that
     level of stress could be reached.  Application of significant amounts of
     reverse thrust would cause a severe controllability problem in and of itself
     though.  If one engine were providing full foward thrust and the other
     significant reverse thrust, the result would be a very large yawing moment.
     The crew would likely notice this very quickly.  It is possible that the
     reversers deployed as part of a engine failure that was already in progress.
     More data will be required before this can be ascertained.
     
     						Steve Philipson
     
     

Re: Lauda Air Crash (RISKS-11.78)

Jeremy Grodberg < lia!jgro@fernwood.mpk.ca.us >
Tue, 4 Jun 91 20:10:44 GMT
     
     According to the Wall Street Journal, 6/3/91, In order to receive federal
     (US) certification, the Boeing had to *demonstrate* that the 767 could
     fly with one thrust reverser deployed (emphasis added).  I take this to
     mean that they had to actually fly the plane this way.
     
     The same report also said that Boeing engineers knew of one other time
     the thrust reverser deployed in mid-air, but that plane landed without
     incident, and the situation may not have been entirely analogous.
     
     Jeremy Grodberg   jgro@lia.com   
     
     
---------------------------------------------

RISKS of posting humor to the net

Phil R. Karn < karn@thumper.bellcore.com >
Tue, 4 Jun 91 19:31:15 EDT
     
     Uh, the line
     
       for(;P("\n"),R-;P("|"))for(e=C;e-;P("_"+(*u++/8)%2))P("| "+(*u/4)%2);
     
     does *not* compile cleanly on my system (Sparc). The problem is with the
     operators "R-" and "e-". Change them to "R--" and "e--" and it will compile
     successfully, but drop core when it runs. Then initialize u, C and R to
     something reasonable (like "the address of an array of 100 ints initialized to
     0', "10" and "10", respectively), and define P() to be printf(), and you'll get
     output that looks something like this:
     
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     | _| _| _| _| _| _| _| _| _| _|
     
     Make the initial values of the array random, and you get something that
     looks like a maze:
     
      _ _ _ | _| _| _|   |
       _| | | | _ _ _ _ |
     | _| _| _|     _| | |
     | | _ _ _ _ | _| _| _| |
         _| | | | _ _ _|
      _ | _| _| _|     _|
     | | | | _ _ _ _ | _| _|
     | _|     _| | | | _|
      _ _ _ | _| _| _|   |
       _| | | | _ _ _ _ |
     
     
     Cute, yes. Useful? You tell me...
     
     Phil
     
     
---------------------------------------------

Digital Fingerprints in California

Mike Caplinger < mc%miranda.uucp@moc.jpl.nasa.gov >
Thu, 30 May 91 09:48:16 PDT
     
     I recently applied for a California driver's license, and was surprised to
     learn that the fingerprinting required for a license (right thumbprint) was now
     done by a digital scanner instead of with paper and ink pad.  The RISK is
     obvious -- sometime down the road, when pattern matching of fingerprints has
     been more or less totally automated, the State of California will have a
     database ready to go without the hassle of scanning paper fingerprints in.
     It's my understanding that current matching technology is too labor- and
     computer-intensive to perform regularly on anything larger than a database of
     known felons, but with advances in computer power, matching against the whole
     population may be possible.  Anybody know more about the California database,
     or how viable thumbprint matching may be?  Would one expect many false matches
     using just a thumbprint?  How many other states require fingerprints for
     driver's licenses, and does any other use digital scanners?
     
     I suppose it's possible that the California DMV doesn't retain the digital data
     -- but I doubt it.  I'm less certain but fairly sure that the "mugshot" is also
     taken with a video system.  I could imagine it would be awfully tempting for
     law enforcement agencies to combine those two databases.
     
     	Mike Caplinger, MSSS/Caltech Mars Observer Camera   mc@moc.jpl.nasa.gov
     
     
---------------------------------------------

CPSR Review of FBI Net Surveillance

< cdp!dsobel@labrea.Stanford.EDU >
Tue, 4 Jun 91 18:25:15 PDT
      
     I 'd like to add a bit of relevant information to the discussion.  Computer
     Professionals for Social Responsibility (CPSR) is currently litigating a FOIA
     lawsuit against the FBI seeking information on the Bureau's policies and
     practices with regard to computer bulletin boards.  A couple of months ago, we
     received a heavily censored copy of a 1985 internal FBI legal opinion entitled
     "Acquisition of Information from Electronic Bulletin Boards."
      
     Although couched in terms of a prohibition, the opinion does *not* establish an
     across-the-board prohibition on monitoring and/or surveillance of computer
     bulletin boards.  All that the opinion prohibits is a "comprehensive"
     monitoring program.  Bulletin boards may be monitored, so long as Fourth
     Amendment standards are satisfied, i.e., where there is a "reasonable
     expectation of privacy," a warrant must be obtained.  The opinion might not be
     using precise language when it refers to "bulletin boards," since most are
     public and do not generally involve an expectation of privacy.  As I read the
     opinion, it permits warrantless monitoring of public bulletin boards on a
     case-by-case basis.
      
     CPSR believes that such monitoring, even of public bulletin boards, is
     inappropriate.  There is an undeniable "chill" placed on the free exchange of
     opinions when participants need to worry if the discussion is being monitored
     by government agents.  The history of the FBI demonstrates that individuals
     expressing views deemed to be unpopular or "subversive" became the subjects of
     official scrutiny and extensive record-keeping.  While some might argue that
     bulletin board discussions are completely open and that participants should
     expect them to be monitored, such a concession seriously erodes First Amendment
     values.  How would we feel if we knew that every political meeting or community
     gathering we attended was monitored and recorded by government agents?  Isn't
     that the sort of governmental conduct we so strongly condemned when it was
     practiced by the old communist regimes in Eastern Europe?
      
     While it is unclear whether we will be able to learn anything about the
     implementation of the FBI's policy through our lawsuit, the legal opinion
     described above certainly raises questions that should be pursued.  I would be
     glad to keep interested folks posted on developments, though I'd prefer to do
     so through private e-mail, i.e., "with an expectation of privacy."  Send me a
     note if you'd like to be kept informed about the litigation.
      
     	David Sobel, CPSR Legal Counsel       cdp!dsobel@labrea.stanford.edu
     
                 ["... with an expectation of privacy" is subtle, in that apart from
                 "privacy enhanced e-mail", e-mail goes over unencrypted local and 
                 global networks, is handled by some decidely unsecure systems, and
                 is typically forwarded iteratively to other people.  "... with some
                 hope of privacy" might be more accurate!  But I imagine David will
                 get some requests from a few government RISKS contributors, who
                 might like to know what "developments" are turning up...  PGN]
                             
     
---------------------------------------------

Computers and Academic Freedom Groups Now at EFF.ORG

Jim Horning < horning@Pa.dec.com >
Tue, 4 Jun 91 12:22:59 PDT
     
         CAF discusses such questions as : How should general principles of academic
     freedom (such as freedom of expression, freedom to read, due process, and
     privacy) be applied to university computers and networks? How are these
     principles actually being applied? How can the principles of academic freedom
     as applied to computers and networks be defended?
         The EFF has given the discussion a home on the eff.org machine.  As of
     April 23, less than two week after its creation, the list has 230 members in
     four countries.
         There are three versions of the mailing list:
     comp-academic-freedom-talk
             - you'll received dozens of e-mail notes every day.
     comp-academic-freedom-batch
             - about once a day, you'll receive a compilation of the day's notes.
     comp-academic-freedom-news
             - about once a week you'll receive a compilation of the best
               notes of the week. (I play the editor for this one).
         To join a version of the list, send mail to listserv@eff.org. 
     Include the line "add <name-of-version>". (Other commands are "delete
     <name-of-version>" and "help").
         In any case, after you join the list you can send e-mail to the 
     LIST BY addressing it to caf-talk@eff.org.
         These mailing lists are also available as the USENET alt groups
     'alt.comp.acad-freedom.talk' and 'alt.comp.acad-freedom.news'.
     
     
---------------------------------------------

Previous Issue Index Next Issue Info Searching Submit Article


Report problems with the web pages to Lindsay.Marshall@newcastle.ac.uk.
This page was copied from: http://catless.ncl.ac.uk/Risks/11.82.html
COPY!
COPY!
Last modification on 1999-06-15
by Michael Blume