Security Basics mailing list archives

FUD - was FAX a virus
From: "Craig Wright" <cwright () bdosyd com au>
Date: Sat, 3 Mar 2007 08:10:47 +1100


Hello,

The idea of faxing a virus is ludicrous and this demonstrates the FUD in the industry. I have to state that I am amazed 
that people here are even considering this seriously! In other words, that people are willing to comment on a 
technology with no idea how it works without even taking the time to check the facts.

This is one of the systemic faults within the security industry at the moment.

The initial question was OK. It demonstrates that the person wanted to learn. The responses demonstrate that people are 
willing to open their mouth without first checking the facts. This is a bad thing - please understand this.

A Facsimile is an analogue device - it does not send digital information and it can not even send the same information 
twice. Not EVER! More on this later.

Some history seeing as a lesson seems to be needed. (Responding without checking facts - bah - as you can see this is a 
pet hate, people in security need to take the time to LEARN the truth and not make FUD).

History of the Fax. (A very condensed version)

Alexander Bain (1818-1903)

In 1843 invented a precursor that used two pens connected by an electrical wire to send information.

In 1862 (correct me if this date is wrong) Giovanni Caselli made the first pantelegraph to electronically send photos.

? On date, but about 1880. Elisha Gray (founder of the Western Electric Company) patented a simple (though it took a 
room to hold and oft caught on fire) facsimile transmission system.

Arthur Korn (1870-1945) sent the first inter-city fax in 1907 using a "telephotographer" to send photos from Munich to 
Berlin.

And so it goes till Xerox got into the picture in 1964 with Long Distance Xerography (LDX) and shortly after with the 
Magnafax Telecopier (weighing only 46 pounds) in 1966. This was where we have what is essentially a "modern" facsimile 
machine.

How does a Fax machine work? (First faxes in general, then computers)

A fax is a scan of a block of the image to be sent. The scan is analogue in that the intensity of the tone is converted 
to a digital signal. This scan is impacted by ambient temperature, lighting conditions and many other factors - 
although none of these will make any difference that the human eye can note.

This signal is sent as an electronic wave function. Again, analogue and not digital. It is converted (taking phone line 
faxes and excluding radio fax in this case) as a signal similar to a modem communication that is transmitted to a sound 
wave if you listen to this on a phone.

Line conditions always impact the transmission. A white noise function creates variations in the wave form that 
reflects the error rate on the page.

In a computer fax card or program, this is interpreted and converted to make the digital image. The image varies each 
and every time that a fax is sent and it is not possible for the sender to control all conditions to ensure that any 
stream of information comes out the same.

If you do not believe this statement I have to have you read up on Quantum chromodynamics, and Quantum wave physics and 
Uncertainty. (This is a topic best off list for any of you who want to chat more on a very interesting subject).

Basically, this is a probabilistic function. If for a SPECIFIC card in a SPECIFIC computer a SPECIFIC set of code could 
be sent to that machine that could cause some unknown fault (let alone a virus), the sender needs also to be able to 
control the line between the receiver and him/herself.

Probabilistically we are talking a 1 in 10^34 or larger chance of being able to control all these conditions EVEN if 
there was a specific piece of code (which has never been shown to exist or even be feasible) of controlling all the 
required conditions. There is a larger probability that all the electrons and quarks in both your body and those of the 
wall will somehow align just as you walk into the wall - allowing you to pass through it as if the wall was not there.

So to reiterate (to the tune of Monty Python's SPAM).

FUD, FUD, FUDity FUD....

Now, to the real issue. (Yes time to get on my soapbox AGAIN).

Security "professionals" do not make FUD. Security "professionals" do not propagate FUD. Security "professionals" check 
the facts BEFORE going off half cocked with a story that is about as likely as an alien abduction. Please check the 
facts before damaging the industry as a whole.

I do say industry as a whole for this. Each time we state something that is not scientific and has no basis in fact 
designed to make others perceive an exaggerated sense of risk associated with a theoretical condition, we make FUD. In 
doing this, we lower the standing of all "security professionals."

To even state - "the threat is extraordinarily low" is an exaggeration. If all worlds possible in all galaxies in the 
known universe all have all their people sending faxes for all the life of the universe, then the chance of sending 
information in the manner suggested is still approximately zero. This is even with modern error correction techniques.

So to even make this an issue is FUD. Risk first needs a threat, a threat needs an impact and a probabilistic 
likelihood. If these are all close to zero, then the risk is zero.

Facts first - facts second and then make the decision based on reality. FUD and an exaggeration of risk is one of the 
greatest evils today. Please do not jump on this bandwagon!

Please let's start acting like Security "professionals".

Regards,

Craig S Wright



PS FUD = bad - please remember, FUD = bad...

