Subject: RISKS DIGEST 10.19
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 10 August 1990  Volume 10 : Issue 19

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Computers as counterfeiters? (Will Martin)
  Computer voice recognition monitor for gang members (Rodney Hoffman)
  U.S.-supplied Saudi air defense software not working (Jon Jacky)
  Hubble Trouble: `Astonishing' error of about 1 mm (Lauren Weinstein)
  Re: British Rail signalling software problem (Pete Mellor)
  Re: "compress" and the Unisys patent (Anonymous)
  Re: Design for the real world (Robert Biddle)
  Computer Security Applications Conference (Marshall D. Abrams)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR> cd sys$user2:[risks]<CR>GET RISKS-i.j ; j is TWO digits. Vol summaries in risks-i.00 (j=0); "dir risks-*.*" gives directory listing of back issues. ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.

----------------------------------------------------------------------

Date: Thu, 9 Aug 90 12:36:58 CDT
From: Will Martin
Subject: Computers as counterfeiters?

"Run for the hills! Congress is in session!"

The following item was included in a column on printer technology in the August '90 issue of "St. Louis Computing," a tabloid freebie local paper:

"...computer printers have become so advanced that the Treasury Department is concerned that they will soon be used to print money. Michigan Senator Donald W. Riegle Jr.
has introduced a bill that would make it a crime to possess any device that the Treasury Department concludes would facilitate counterfeiting."

Hmmmm.... I hope the generality is in the reporting and not in the proposed legislation, because "any device" as cited above includes eyeballs, pencils, engraving tools, paper, ink, color copiers, and millions of other items both mundane and esoteric... If the legislation is actually written so broadly or vaguely, I nominate it for "dumb bill of the month". Anyone out there know the actual details of this proposal?

Will Martin

------------------------------

Date: 10 Aug 90 08:26:53 PDT (Friday)
From: Rodney Hoffman
Subject: Computer voice recognition monitor for gang members

According to a story by John Kendall in the 'Los Angeles Times' 10 August 1990, a computerized voice recognition system will be used in a six-month pilot program to assure that gang members on probation stay home during "Red Alerts," declared by the Probation Dept.

From the article:

"A computer will telephone designated gang members at random during the hours they are restricted. The computer will direct them to state their names and repeat after the computer as it names several states. The computer will then electronically analyze their responses and compare the findings with voice tapes made earlier. If the computer questions any of its contacts, it will notify monitors, and a probation officer will be sent to check in person....

"Probation Department Deputy Director Michael Lindsey ... expects the computer monitor program to be in place sometime this month. If it is deemed a success, he wants to extend electronic monitoring to the entire county, with upward of 1,000 gang members in the system eventually. But first, the present program must be perfected, he says.

"The $19,000 system employs a computer and voice-analysis software provided free to the Probation Department for six months by BI Inc., a Boulder, CO firm.
Currently, four college students are preparing background information for the computer on 100 gang members. Next, deputy probation officers will record their charges' voices for comparison by computer.

"When gang trouble develops, the police and probation officers will identify the gangs involved, determine what members are on probation and tell them individually to stay home for periodic checks by the computer. Lindsey hopes that computer monitoring will afford soft-core gang members an excuse to stay out of trouble."

------------------------------

Date: Fri, 10 Aug 1990 9:53:38 PDT
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky)
Subject: U.S.-supplied Saudi air defense software not working

The following excerpts appeared near the end of a story in THE SEATTLE POST-INTELLIGENCER, Aug 10, 1990 p. A2:

BOEING FLYING FAMILIES OUT OF SAUDI ARABIA by Bill Richards

... Most of Boeing's employees work on either the Saudi's Airborne Warning and Control System (AWACS) aircraft or on the ground-based Peace Shield network. ...

The $1.2 billion Peace Shield system, which consists of a network of computerized radar and communications equipment designed especially for the Saudis, has been a problem for Boeing. The equipment was designed as a ground-based air defense system to complement the airborne AWACS, but Boeing engineers are still attempting to debug the system's softwear [sic]. The softwear is made by Computer Sciences Corp. of El Segundo, Calif.

Boeing officials said Peace Shield was scheduled to be completed next year, but is behind schedule. "The system is not up and running," Boeing spokesman Don Brannon said yesterday. Brannon said most of the Peace Shield activity underway in Saudi Arabia now involves construction work ....
- Jon Jacky, University of Washington, Seattle jon@gaffer.rad.washington.edu

------------------------------

Date: 09 Aug 90 1748 PDT
From: Lauren Weinstein
Subject: Hubble Trouble: 'Astonishing' error of about 1 mm

(excerpt)

By PAUL RECER, AP Science Writer

WASHINGTON (AP) - A NASA committee investigating the focusing flaw that crippled the Hubble Space Telescope said Thursday that there was an error of about 1 millimeter in a measuring device used to grind the telescope mirrors. In the precise world of optics, such an error is ``astonishing,'' said one expert.

A one-page statement released by NASA said a committee investigating the Hubble problem found that a measuring device called a reflective null corrector had been adjusted incorrectly when the primary mirror was being ground and polished at the Hughes Danbury Optical Systems plant in Danbury, Conn.

Hughes Danbury had preserved the null corrector in the exact position that had been used to grind and polish the mirrors in the early 1980s and the investigation committee tested the device on Wednesday. Preliminary results of the test, the statement said, ``have revealed a clear discrepancy of approximately one millimeter between the design of the null corrector and the device as it exists.''

[...]

Daniel Schulte, a senior scientist at the optical laboratory at the Lockheed Palo Alto Research Laboratory in California, said that an error of that magnitude was ``astonishing.'' ``That's gross,'' he said. ``There's no reason for an error of that size to be tolerated.'' Schulte said that in normal optical manufacturing, a tolerance of a 20th or a 50th of a millimeter is considered ``standard tolerance.'' He said the error was so large ``it had to be a transposition of numbers or something like that, that was carried through. It had to be something clerical like that.''

Schulte, an astronomer, was a member of an independent panel named by NASA to evaluate the Hubble focusing flaw just after it was discovered in June.
A null corrector is a device that can be adjusted to create a pattern of light in the exact shape desired in an optical lens or mirror. The light pattern from a null corrector is interpreted by another device to tell a computer the precise grinding and polishing pattern that must be followed. However, if the null corrector is set wrong, then the lens or mirror will be ground to an incorrect shape. In effect, the optics are then made to the wrong prescription and cannot give the expected focus.

[...]

------------------------------

Date: Fri, 10 Aug 90 00:49:06 PDT
From: Pete Mellor
Subject: Re: British Rail signalling software problem

Many thanks to Clive Feather for explaining (RISKS-10.18) what probably happened when a BR signalman closed down a part of the network because he could (apparently) no longer trust the information displayed to him.

Disclaimer: I know next to nothing about railway signalling, so I could only quote the Guardian news item verbatim (but adding a few speculations of my own). Clive is obviously much better informed.

On one point, however, I do stand firm. That is the manufacturer's preposterous (at any rate, it sounded preposterous to me) claim that the system was still 'under test'. As Clive says:

> First you test it on a model railway. Then you hook in the display system in
> parallel with the existing one, and see what happens. Eventually, however, you
> have to go live.

I entirely agree, but that was my point: when you go live, the system is no longer 'going through a testing stage' as the manufacturer said. If the system is 'under test', then, as Clive says, you run it *in parallel* with the existing system (as the final stage of its trial). The new system goes live, without back-up parallel systems, when the manufacturer is confident that its reliability is no worse than the system it replaces. He can't have it both ways!
Peter Mellor, Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB UK

------------------------------

Date: Fri, 10 Aug 1990 7:58:11 PDT
From: "Anonymous" <...>
Subject: Re: "compress" and the Unisys patent (Littman, RISKS-10.18)

The message in RISKS regarding compress was unnecessarily alarming. In fact, it really represents the start of a chain of hundreds of Usenet messages discussing the Unisys patent in detail, including various postings by the compress authors. There is considerable question regarding software-only implementations of the algorithms, *which* algorithms really are involved, Unisys' true intentions, compression vs. decompression, validity or invalidity of the patent if tested in court, etc. It is not a simple situation, and there is significant evidence that some people may have become alarmed unnecessarily, or at the very least prematurely.

People who need more information about this subject should look over the entire discussion if possible, not react to the initial statement. This would seem to be a risk of seeing only the first message in a chain! There may yet be potential complications regarding compress and the Unisys patent, but this is by *no* means an established fact at this point and is a matter of active analysis at this time.

------------------------------

Date: Fri, 10 Aug 90 14:54:32 +1200
From: Robert.Biddle@comp.vuw.ac.nz
Subject: Re: Design for the real world (RISKS-10.18)

From our library computer:

Callmark             Main Collection    Status : In
TS171.4 P213 D 2ed

TITLE      Design for the real world : human ecology and social change /
           Victor Papanek. 2nd ed., completely rev.
NAME       1. Papanek, Victor, 1925-
IMPRINT    London : Thames and Hudson, 1985.
EXTENT     xxi, 394 p. : ill. ;
NOTES      First published: New York : Pantheon Books, 1971.
           Includes index.
           Bibliography: p. 351-385.
SUBJECT    1. Design, Industrial.

And a very interesting, if often anecdotal, book it is too.
Robert Biddle, Computer Science, Victoria University, Wellington NEW ZEALAND

------------------------------

Date: Mon, 06 Aug 90 13:47:02 -0400
From: (Marshall D. Abrams)
Subject: Advance notice of Computer Security Applications Conference

Marshall D. Abrams, The MITRE Corporation, 7525 Colshire Drive, Mail Stop Z269, Mc Lean, VA 22102
phone: (703) 883-6938  FAX: (703) 883-5639 [effective 7/10/90]

Sixth Annual Computer Security Applications Conference
December 3-7, 1990
Westward Look Hotel, Tucson, Arizona

Sponsored by
    American Society for Industrial Security
    Aerospace Computer Security Associates
in cooperation with
    IEEE Technical Committee on Privacy and Security
    American Institute of Aeronautics and Astronautics
    ACM Special Interest Group on Security, Audit and Control

Keynote Speaker: Senator Dennis DeConcini (D - Arizona)

Luncheon Speakers:
    Ralph V. Carlone, GAO
    Dave Fitzsimmons, Cartoonist, Arizona Daily Sun

Distinguished Lecture in Computer Security: Dorothy E. Denning, DEC

Tutorial Program, Monday, 3 December 1990
    Morrie Gasser, DEC, "Security In Distributed Systems"
    Brett Fleish, Tulane, "Introduction to Trusted Computer System Design"
    Richard Linde, Unisys, "Penetration Testing"
    Charles Martin, Duke Univ. "Applying Formal Methods by Hand"

Tutorial Program, Tuesday, 4 December 1990
    Morrie Gasser, DEC, "Security in Distributed Systems II"
    Teresa Lunt, SRI, "Approaches to Database Security"
    E. J. Humphreys, British Telecom, "OSI Security"
    David Snow, ITT, "Risk Management"
    John McHugh, CIT, "Software Safety"

Technical Program, Wednesday - Friday, 5-7 December 1990

Technical Paper Sessions
    + Trusted System Development (architecture, design, formal methods, auditing, user interface)
    + Network Security
    + Security Engineering (risk assessment, life cycle)
    + ISO Standards
    + Data Base Security (research, application)
    + Non DOD Applications
    + DOD Applications
    + Integrity

Panel Sessions
    + Computer Crime
    + Trusted System Development
    + Education and Ethics
    + Trusted Subject-based DBMS
    + Software Safety
    + Certification of Professionals
    + Security Standards for Open Systems
    + Computer Security in Government Labs

Special Events:
    Biosphere II: a prototype of the Earth for the future;
    Sonora Desert Museum: living animals and plants of the Sonoran Desert Region

Additional Information

For a copy of the advance program, which includes rates, schedule, registration form, and special activities, contact:
    Diana Akers, Publicity Chair, (703) 883-5907, akers%smiley@gateway.mitre.org,
    Victoria Ashby, Co-Chair, (703) 883-6368, ashby%smiley@gateway.mitre.org,
    The MITRE Corporation, 7525 Colshire Dr., McLean, VA 22102

Advance Programs will be available early September. Please request one at that time. Conference proceedings and videotape of the Distinguished Lecture will be available. Program Subject To Change.

------------------------------

End of RISKS-FORUM Digest 10.19
************************