Subject: RISKS DIGEST 14.26
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 12 January 1993  Volume 14 : Issue 26

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Florida Rental Car Scam (Dewey Coffman)
Computer games may endanger your health (Olivier MJ Crepin-Leblond)
Ford's honesty saves county $2 million (John Cigas)
Name+birthdate=no drivers license (Bruce Hayden)
Student Loan Errors Blamed on Computer (Steve Peterson)
"Softkiller" as Arts? (Klaus Brunnstein)
Computer Theft of Criminal Records (Gary McClelland)
Computer hacking of flight details "was illegal" (Jonathan Bowen)
Upcoming Telephone Number problems (Rob Horn)
FAA prohibits pilot knowing GPS altitude in IFR flight (Jim Easton)
Risks of networks (Larry WB Ching via Monty Solomon and Jerry Leichter)
Version numbers (Andrew Marchant-Shapiro)
About Computer Expense... (Paul Robinson) [humor?]
Re: Large Foreign Exchange Rates (Mark Brader, Peter Trei, Dik Winter)
Correction on Computers, Freedom and Privacy 1993 (Bruce Koball)
1993 Complex Systems Engineering Synthesis and Assessment (C.A. Meadows)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com). ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Sun, 10 Jan 93 18:16:35 CST
From: dewey@sooner.ctci.com (Dewey Coffman)
Subject: Florida Rental Car Scam

Ex-Car Rental Owners Indicted, FORT LAUDERDALE, Fla. (AP)

Value Rent-A-Car Inc. rigged its COMPUTER system to set up a scam overcharging customers who returned their cars with less than a full tank, a federal indictment says.

The indictment returned Friday says Steven M. Cohen, one of three former owners charged, fixed Value's computer system in 1988 to add five gallons to the fuel tank capacity of every vehicle in Value's fleet. This allowed the company to overcharge customers who turned in the car with less than a full tank.

Federal prosecutor Lothar Genge said that through 1991, about 47,000 customers were slapped with the phony charge, which ranged from a couple of dollars to $10 or $15. Mitsubishi Motor Sales bought the company in 1990 and is looking for ways to pay back the overcharges, Genge said.

------------------------------

Date: Thu, 7 Jan 1993 22:47:24 +0000
From: Olivier MJ Crepin-Leblond
Subject: Computer games may endanger your health

Nintendo Inquiry Launched

The Government is probing claims of health hazards to children playing computer games like Nintendo. The informal inquiry follows reports that two boys in Cardiff had been struck down with epileptic fits. Baroness Denton, junior Consumer Affairs Minister, has called for an urgent report: `It is important to know if there are any health risks.'

[From Teletext service on Carlton TV & Channel 4 (UK), Thursday 7th Jan 93]

Olivier M.J. Crepin-Leblond, Digital Comms. Section, Elec. Eng. Department
Imperial College of Science, Technology and Medicine, London SW7 2BT, UK

------------------------------

Date: 07 Jan 1993 16:59:41 -0500 (CDT)
From: "I. LOVTUSKI"
Subject: Ford's honesty saves county $2 million

Here is an excerpt from an article in the Kansas City Star, January 7, 1993:

Ford's honesty saves county $2 million, by Anne Lamoy

An alert bookkeeper at the Ford Claycomo assembly plant saved Clay County from cheating itself out of $2 million. When paying the county's business personal property taxes recently, Ford's bookkeeper realized that the plant's two tax bills were much smaller than in previous years. Much, much smaller.

"When the original bills were printed, they left off a digit," Clay County Assessor Shirley Quick said Wednesday. "And that digit meant $1 million." In fact, both tax bills were exactly $1 million short, thanks to a computerized data entry error.

The article goes on to state that Ford is the only company that owes more than 1 million in business personal property taxes in the county. It doesn't say whether this is the first time their bill contained 7 digits.

John Cigas, Rockhurst College  cigas@rckhrst1.bitnet

------------------------------

Date: Fri, 8 Jan 1993 05:33:14 GMT
From: bhayden@csn.org (Bruce Hayden)
Subject: Name+birthdate=no drivers license

Today on a troubleshooting talk show in Denver, a caller called in to complain that his license had been revoked, and he had to leave his car since he couldn't drive. Apparently, he had renewed his drivers license recently (required every three years in Colorado). At that time, a database check was made of the other 49 states. There was a match, based on birthdate and name. The other person with the same name and birthdate had a suspended Penn. drivers license, based on a drunk driving conviction. Based on that match, his license was summarily revoked, and notice was mailed to him to that effect.
(Which he apparently had not yet received.) The license showed revoked at a routine traffic stop some time later.

It is not clear how automatic the revocation process is. In any case, no hearing is offered before the revocation. The driver was especially upset because: 1) he had had a Colorado drivers license for 25 years, 2) he had never been to Pennsylvania, and 3) he didn't drink. The burden is apparently upon him to prove to the Colorado DMV that they had the wrong man. At present he is still fighting the organization trying to get his license reinstated.

Bruce E. Hayden  (303) 758-8400  bhayden@csn.org

------------------------------

Date: Tue, 12 Jan 93 10:57:50 CST
From: Steve Peterson
Subject: Student Loan Errors Blamed on Computer

The following appeared in the Minneapolis Star Tribune, 1/12/92:

STUDENT LOAN ERRORS BLAMED ON COMPUTER (AP)

Because of a computer problem, thousands of college students have been sent notices ordering them to begin repaying loans that aren't due, a loan-processing company in St. Paul [Minnesota] says.

Shirley Chase, an attorney for EduServ Technologies, formerly known as Hemar Corp., said problems with a new computer system caused a backlog in processing student requests to defer payments. She said the company hopes to clear up the backlog by the end of February. More than 10,000 deferment forms are backlogged, she said.

Because of the backlog, some students who are entitled to postpone their loan payments have gotten notices urging them to pay and some have been contacted by a collection agency. Chase said EduServ has "bent over backward" to make sure no adverse credit reports are filed with credit bureaus because of the delay. EduServ processes loans issued by banks and other lenders and makes sure payments are current.

Comment: Given that they probably had a choice of whether to send dunning notices to everyone or temporarily stop sending them, it shouldn't be surprising which choice they made.
Steve Peterson, FOURTH SHIFT Corporation, 7900 International Drive, Bloomington, MN 55425 USA  peterson@fs.com

  [My daughter reported in from Massachusetts that she had seen a message displayed in front of JD Auto Sales off Rte 128 in Swampscott MA, with something like the following message:
     TO ERR IS HUMAN. TO BLAME IT ON A COMPUTER IS EVEN MORESO.
  An old RISKS theme, worthy of reminder. PGN]

------------------------------

Date: Mon, 11 Jan 1993 13:41:30 +0100
From: brunnstein@rz.informatik.uni-hamburg.dbp.de
Subject: "Softkiller" as Arts?

FLATZ, leading performance artist from Munich (Bavaria), recently advertised "SOFTKILLER - the first buyable computer art virus". For MS-DOS systems, you may buy a diskette (in limited version: 20 diskettes each 1,800 DM, equiv. about 1,100$; or unlimited version: 500 diskettes each 300 DM, equiv. 185$) which after start will display some FLATZ head on the screen while formatting the disk. Advertised shortly before xmas as "the ultimate donation for PC owners", FLATZ explicitly warns that SOFTKILLER overwrites data on disks and will overwrite itself after execution.

After publication of this advertisement, the Bavarian Criminal Agency became involved to analyse whether this might imply a crime of "computer sabotage" (German Penal Code, section 303b), according to which the destruction of programs and data which are essential for some person or institution will be prosecuted. In the analysis, FLATZ admitted that his software was not self-reproducing and therefore no virus. Moreover, his "attack on the computerworld" is mentioned in capital letters on the envelope. On the other side, with distribution via BBS (though not foreseen by him) this warning is lost.

At this time, no test or reverse engineering of SOFTKILLER has been done. Probably, it is technically not worth the effort. But with some probability, other artists may come up with similar "ideas".
Happy, Healthy and Riskless 1993
Klaus Brunnstein (University of Hamburg, North Germany, January 10, 1993)

------------------------------

Date: Fri, 8 Jan 1993 11:22:59 -0700
From: mcclella@yertle.Colorado.EDU (Gary McClelland)
Subject: Computer Theft of Criminal Records

An AP story in the Boulder Daily Camera (1/8/93) reports a familiar story with a few new variations. A private investigator and two police employees have been indicted by a Denver grand jury for improperly obtaining the criminal histories of 8,559 individuals. The Private Eye paid $3 to $5 per search and as much as $1,300 per week (he kept great records!). The scheme unraveled when a co-worker of the police employee who was doing the snooping became angry that her colleague was spending so much time looking up names that she was falling behind in her regular work. So after seeing a "criminal history format" on her screen that she was not supposed to be using, the co-worker turned her in. A computer log revealed that on the day she was caught, she had run checks on 95 people! It turns out that a transaction recording system allowed investigators to reconstruct all 8559 criminal history searches.

With such a great logging system it seems strange that no one noticed 8559 extra searches; if the co-worker hadn't got the extra work dumped on her, these folks would still be stealing criminal records.

gary mcclelland, univ of colorado, mcclella@yertle.colorado.edu

------------------------------

Date: Tue, 12 Jan 93 15:04:24 GMT
From: Jonathan.Bowen@prg.ox.ac.uk
Subject: Computer hacking of flight details "was illegal"

Today's UK newspapers are full of the story on the British Airways (BA) "dirty tricks" campaign against Virgin and their successful suing by Richard Branson. Of particular relevance to "risks" is the following extract from the Independent newspaper (p6, 12 January 1993):

...
The [BA] team were told that in future, their key task would be to access highly confidential information from their rival's [Virgin's] computer system. "We were shown how to get the information by tapping into our computer terminals in the Helpline office. We tapped in with our regular BA code and called up the Virgin flight numbers". In common with many other airlines, Virgin rents out a segment of a vast computer known as Babs - British Airways Booking System. Mr Khalifa and his colleagues simply tapped into it. "We could see on the Babs computer system when flight is open [sic], when it closed, if it was delayed and how many passengers were due to board". For the next nine months the Helpline hackers provided BA with critical information on Virgin's flights.

Jonathan Bowen, Oxford University

  [A much longer version of this article was reported by Bob Dowling. PGN]

------------------------------

Date: Fri, 8 Jan 93 11:48:27 EST
From: horn%temerity@leia.polaroid.com (rob horn)
Subject: Upcoming Telephone Number problems

I don't recall mention on Risks of the impending problems with modem networks. The North American telephone numbering plan is being changed. This is going to gradually lead to problems for all the people with long distance numbers that are pre-stored in documents, files, programs, and modems.

The change (as I understand it) is that the leading 1 digit should be used ONLY when dialing outside the area code, rather than the current system that imposes the need when dialing outside the local calling area. Then the area code restriction to the form x0x or x1x will be removed. I expect the change to be done carefully by the telcos so that mistakes will cause failure to connect rather than incorrect connection.

Just to make things interesting, this change is being staged area code by area code. So for people who plan to fix their internal stored numbers you need to know when your area is being changed.
Rob Horn  hornr@mr.polaroid.com

------------------------------

Date: Fri, 8 Jan 93 12:34:43 PST
From: jim@mpl.UCSD.EDU (Jim Easton)
Subject: FAA prohibits pilot knowing GPS altitude in IFR flight

I was recently informed that the KLN-90 GPS (Global Positioning System) navigation unit used in airplanes was designed so that the pilot cannot display the altitude the unit calculates from satellite data. It does display the barometric altitude and will issue a warning if the barometric altitude differs significantly from the GPS altitude.

On asking Bendix/King why they would deny a pilot information already computed in the unit, the spokesperson explained that the calculated GPS altitude is often several hundred feet different from the "officially correct" barometric altitude, and that pilots might be so stupid as to try to fly by the GPS altitude - thus putting themselves at risk of a collision. Accordingly, the TSO (Technical Standards Order) by which the FAA defines approval of GPS navigation systems for IFR (Instrument Flight Rules) prohibited them from making GPS altitude information available to the pilot.

Last month I was flying in the clouds in mountains and experienced a failure of the primary pressure altimeter in the aircraft. Cross checking a second pressure altimeter with the GPS altitude on a non-TSO GPS navigator verified that it was the primary altimeter that was wrong. Not having this information could easily have resulted in my death. I would much prefer to educate pilots about GPS altitude errors than to deny them the possibility of having what could be lifesaving information.

Jim Easton, Box 889, Bonita, CA 91908  (619)548-0138

------------------------------

Date: Sat, 9 Jan 93 08:03:32 EDT
From: Jerry Leichter
Subject: Risks of networks

[I pulled the following from a recent TELECOM Digest, and it may very well have appeared elsewhere previously. But if ever there was an indication that the Internet is not the safe playground we like to think it is, it's this. Not only do we have to face new risks; we have to face new forms of old ones. -- Jerry]

Date: Thu, 7 Jan 1993 03:34:36 -0500
From: Monty Solomon
Subject: Sci.electronics Phone Fraud!

[Moderator's Note: Monty also passed this along for us today. PAT]

From: larryc@shell.portal.com (Larry WB Ching)
Newsgroups: sci.electronics
Subject: SCI.ELECTRONICS Phone fraud !!!
Summary: A recent attempt to rip-off sci.electronics correspondents.
Keywords: fraud, con artists, phone numbers
Message-ID:
Date: 1 Jan 93 23:16:23 GMT
Sender: news@unix.portal.com
Organization: Portal Communications -- 408/973-9111 (voice) 408/973-8091

At about 6PM Thursday evening, I got a phone call. The operator said that he had a collect call to me from Charles Pooley in New York. The name was familiar, but I didn't remember exactly why. I said I would accept the call, but then the "operator" said the call couldn't get through because I had the call collect option blocked. He then said he could pass the call through if I gave him my calling card number. I said that I'd rather call Mr. Pooley myself, and could the "operator" give me Mr. Pooley's number. There was a pause, then a phone number with a San Jose area code! It didn't occur to me until later that, if the call was from New York, why was the call-from number (408)!??!

I remembered that Charles and I had been corresponding on a topic from sci.electronics. I was lucky enough to have an old message from him lying around, and emailed him a message about my mysterious phone call. Charles Pooley replied to me today -- turns out the guy tried the same scam on him too! But this time, the bogus operator said the collect call was from me to Charles! Charles was also wary, and didn't give the crook his calling card number.

So - WATCH OUT! How this con artist chose my name and Charles' to try is beyond me.
As far as public postings in sci.electronics, I don't think Charles and I had exchanged more than four public postings. Most of our correspondence has been via "private" email. This has definitely raised my paranoia level. If, out of the millions of public postings during 1992, someone should choose two correspondents who have exchanged only a slight amount of messages .... I mean, why us? Or, is there a "boilerroom" operation going on, with a bunch of phony operators, armed with USENET listings -- calling people with this con?

OH! - I may have put my phone number in one of my public sci.electronics postings - that's probably how the scamsters make their selection. Makes sense ... CHILDREN BEWARE!!!

larryc@shell.portal.com

[Moderator's Note: I note the public access site you use for Usenet (Portal Com) is located in area 408 (San Jose, CA). PAT]

  [Also sent to RISKS by Mike LeVine, levine%fidler.decnet@chinalake.navy.mil]

------------------------------

Date: 7 Jan 93 14:35:00 EST
From: "MARCHANT-SHAPIRO, ANDREW"
Subject: version numbers

Alas, Microsoft isn't the only software company sliding corrections in without notice -- there are (at least) two versions of Digital Research's (really wonderful) DR-DOS 6.0 floating around out there as well. In this case, the problem isn't quite so critical: the early version will not run Windows 3.1, apparently because of some hooks Microsoft inserted (rampant speculation). Windows 3.0 will run, however. The new version, which has been fairly freely distributed, but which has the SAME version number, corrects the Windows incompatibility (which some might call an advantage). DR-DOS users should check to make sure that their COMMAND.COM is dated 4-07-92 (or later?).

For me, this has created no serious problems, but I can foresee situations in which failure to adhere to a reasonable numbering system could lead to all kinds of headaches -- "What version of our software are you using?" "Version 6.37a." "Yes, but WHICH version 6.37a...?"
Andrew Marchant-Shapiro
Depts of Sociology and Political Science
USmail: Union College, Schenectady NY 12308
AT&T: (518) 370-6225
INTERNET: marchana@gar.union.edu
BITNET: marchana@union.bitnet

------------------------------

Date: Mon, 11 Jan 1993 17:19:55 EST
From: "Paul Robinson, Contractor"
Subject: About Computer Expense...

The following item appeared on the Operations List on Bitnet, and I thought I'd pass it on because it is unfortunately very true.

Date: Sun Jan 10, 1993 1:09 am EST
From: Mainframe Operations Discussion List
  EMS: INTERNET / MCI ID: 376-5414
  MBX: OPERS-L@vm1.cc.uakron.edu
TO: Multiple recipients of list OPERS-L
  EMS: INTERNET / MCI ID: 376-5414
  MBX: OPERS-L@akronvm.bitnet
Subject: Re: Some Good Old Standbys

> I came across these in a Usenet post and found them quite relevant

And one I saw in a humor column recently:

If the automobile industry were like the computer industry over the past 30 years, a Rolls-Royce would now cost $5.00, would get 300 miles to the gallon, and once a year would explode killing all passengers inside!

- tom
mvac23!thomas@udel.edu
lapp@cdhub1.dnet.dupont.com (work)
{ucbvax,mcvax,uunet}!udel!mvac23!thomas

------------------------------

Date: Fri, 8 Jan 1993 01:28:00 -0500
From: msb@sq.com (Mark Brader)
Subject: Re: Large Foreign Exchange Rates (Kain, Risks-14.23)

> So in the face of unreasonable people (dictators, etc.), perhaps we
> need to use a floating point representation for the exchange rates
> - but I do think that one decimal digit for the exponent should be
> adequate.

He walks right into it! According to the Guinness Book of World Records, in June 1946 the Hungarian pengo [two acute accents on the o] reached a valuation of 1 / 1.3e20 of the gold pengo of 1931. Now I don't know what *that* value was, but I think we can assume that the exchange rates with at least some other currencies must have exceeded 1e19.
The German inflation of 1923 also went well past the 1e10 mark -- no pun intended -- if I recall correctly.

Mark Brader, Toronto  utzoo!sq!msb, msb@sq.com

------------------------------

Date: Thu, 7 Jan 93 15:08:41 EST
From: ptrei@bistromath.mitre.org (Peter Trei)
Subject: Re: Large Foreign Exchange Rates (R. Y. Kain, RISKS-14.23)

>So in the face of unreasonable people (dictators, etc.), perhaps we need to
>use a floating point representation for the exchange rates - but I do think
>that one decimal digit for the exponent should be adequate.
      ^^^

I wouldn't be too certain. I don't have it to hand, but I recall an occasion when a South American currency (Paraguay?) depreciated to billions (43 billion?) to one versus its gold equivalent (it's in the Guinness book of records).

It is easy to underestimate the size of data a program may be asked to deal with, especially several years down the line. (See the Bank of New York problems, recorded here several years ago, when a program suddenly had more than 2^16 transactions/day.) The cautious programmer will be generous to a fault. The best case I've seen was in a banking program where dollar amounts were stored as 96 bit integer quantities of pennies - this rolls over at nearly $8E26, or about 792 trillion trillion dollars.

Peter Trei

------------------------------

Date: Fri, 8 Jan 1993 01:04:30 GMT
From: Dik.Winter@cwi.nl
Subject: Re: Large Foreign Exchange Rates (Kain, RISKS-14.23)

The lack of need for seven digit accuracy is correct, the single digit exponent is not. I have a German banknote of 1,000,000,000 Mark, barely enough to buy bread by one month after issue. I have also seen German stamps of 1,000,000,000,000,000,000 Mark (Eine Trillionen Mark, German trillions of course). That was in the early twenties of course. And I add that at that time Germany was a democratic country, no unreasonable people were involved.

dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland
home: bovenover 215, 1025 jn amsterdam, nederland; e-mail: dik@cwi.nl

------------------------------

Date: Thu, 7 Jan 93 14:34:46 PST
From: "Peter G. Neumann"
Subject: Correction on Computers, Freedom and Privacy 1993 (RISKS-14.21)

Bruce Koball reports that the net address for cfp93 information and registration reported in RISKS-14.21 should have been cfp92@well.sf.ca.us. However, Bruce's address was correct, so this should not have caused anyone too much trouble.

------------------------------

Date: Fri, 8 Jan 93 10:49:36 EST
From: meadows@itd.nrl.navy.mil (Catherine A. Meadows)
Subject: CSESAW93 call for papers

CALL FOR PAPERS

1993 Complex Systems Engineering Synthesis and Assessment Technology Workshop (CSESAW '93)
July 20-22, 1993
Washington, DC

This is a call for papers to be presented at the 1993 Complex Systems Engineering Synthesis and Assessment Technology Workshop (CSESAW '93) which will be held July 20-22, 1993. The theme of this year's workshop is integration.

This workshop will explore issues related to the design synthesis and assessment of complex, computer-based, mission-critical systems. Many DoD related systems tend to be large, complex, fault tolerant, distributed, real-time, time-critical systems. Of interest is the development and enhancement of the system level ability to specify, capture, synthesize, analyze, model, prototype, test and implement such systems. The emphasis is on developing forward engineering capabilities; however, reverse engineering capabilities will also be addressed.
TOPICS OF INTEREST

INTEGRATION OF CAPTURE, OPTIMIZATION, AND ASSESSMENT TECHNOLOGIES
INTEGRATION OF DEPENDABLE SYSTEM DESIGN INTO SYSTEM ENGINEERING
INTEGRATION OF SECURE SYSTEMS DESIGN INTO SYSTEM ENGINEERING
APPLICATION OF SIMULATION, MODELING, MEASUREMENT, METRICS, AND PROTOTYPING WITHIN SYSTEM ENGINEERING
REQUIREMENTS ELICITATION, SPECIFICATION AND TRACEABILITY

Authors are requested to submit (5) copies of the paper of no more than 7,000 words (5 pages or less). Include a cover letter listing the author(s), paper title, area of interest, and the name, address, FAX, telephone number, and e-mail address (if available) of the author who is responsible for all correspondence and preparation for the workshop by 15 April 1993. The accepted papers will be published as a Proceedings, which will be distributed within the Government and also made available to the general public.

Submission Deadline: 15 April 1993
Acceptance Notification: 15 May 1993
Final Paper Submission: 1 June 1993

Submission Address:
Steve Howell
Naval Surface Warfare Center
Code B40
10901 New Hampshire Avenue
Silver Spring, MD 20903-5000

e-mail inquiries: showell@nswc-wo.navy.mil
phone inquiries: 301-394-3987
fax inquiries: 301-394-1175

------------------------------

End of RISKS-FORUM Digest 14.26
************************
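As an added illustration of the representation-width argument running through the "Large Foreign Exchange Rates" replies in this issue, here is example code written for this page, not by any RISKS contributor: it simulates the fixed widths the thread mentions (a 16-bit daily transaction counter, a 96-bit penny field, a seven-digit mantissa with a one-digit exponent) so that an overflow raises instead of silently wrapping, and checks the magnitudes the posters quote against the proposed format. Assumptions: the penny field is unsigned, the one-digit exponent is read as an unsigned power of ten from 0 to 9, and the historical figures are the rounded values quoted in the posts.

```python
"""Checked fixed-width numbers (added example for the exchange-rate thread).

Python integers never overflow, so each width is enforced explicitly; the
point is that a rollover becomes an exception rather than a wrong balance.
"""


class CheckedUnsigned:
    """Unsigned integer of a fixed bit width whose addition refuses to wrap."""

    def __init__(self, bits: int, value: int = 0) -> None:
        if bits <= 0 or not 0 <= value < (1 << bits):
            raise ValueError(f"{value} is not a {bits}-bit unsigned value")
        self.bits = bits
        self.value = value

    @property
    def limit(self) -> int:
        """First value that no longer fits, i.e. where a raw field rolls over."""
        return 1 << self.bits

    def add(self, n: int) -> "CheckedUnsigned":
        """Return self + n, raising OverflowError where a raw field would wrap."""
        if n < 0:
            raise ValueError("only non-negative increments are modelled")
        total = self.value + n
        if total >= self.limit:
            raise OverflowError(f"{total} does not fit in {self.bits} bits")
        return CheckedUnsigned(self.bits, total)


def dollars_before_rollover(penny_bits: int) -> int:
    """Whole dollars an unsigned penny count of the given width can hold
    (assumption: the thread's 96-bit penny field is unsigned)."""
    return ((1 << penny_bits) - 1) // 100


def max_decimal_float(mantissa_digits: int, exponent_digits: int) -> int:
    """Largest mantissa * 10**exponent for unsigned decimal fields of those widths
    (assumed reading of the quoted proposal: 7-digit mantissa, exponent 0..9)."""
    max_mantissa = 10 ** mantissa_digits - 1
    max_exponent = 10 ** exponent_digits - 1
    return max_mantissa * 10 ** max_exponent


def fits_decimal_float(value: int, mantissa_digits: int = 7,
                       exponent_digits: int = 1) -> bool:
    """True if value fits without overflow (precision loss is tolerated)."""
    return 0 <= value <= max_decimal_float(mantissa_digits, exponent_digits)


# Rounded magnitudes quoted by the posters (constructed from the thread).
HISTORICAL_RATES = {
    "German mark, 1923": 10 ** 10,
    "German 'Eine Trillion' stamp": 10 ** 18,
    "Hungarian pengo, June 1946": 13 * 10 ** 19,
}


def check_rates(mantissa_digits: int = 7, exponent_digits: int = 1) -> dict:
    """Map each quoted rate to whether the proposed format could store it."""
    return {name: fits_decimal_float(v, mantissa_digits, exponent_digits)
            for name, v in HISTORICAL_RATES.items()}


def counter_survives_day(transactions: int, bits: int = 16) -> bool:
    """Would a bits-wide daily counter hold this many transactions?"""
    try:
        CheckedUnsigned(bits).add(transactions)
    except OverflowError:
        return False
    return True


if __name__ == "__main__":
    for name, ok in check_rates().items():
        print(f"{name:30s} fits 7-digit/1-digit format: {ok}")
    print("dollars before 96-bit penny rollover:", dollars_before_rollover(96))
    print("16-bit counter survives 70000 transactions:", counter_survives_day(70000))
```

The 96-bit figure reproduces the "nearly $8E26" rollover quoted by Peter Trei, and widening the exponent to two digits is enough for every rate in the table.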