Subject: RISKS DIGEST 14.78
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 27 July 1993  Volume 14 : Issue 78

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Computer-aided tax fraud (Mich Kabay)
  Industrial Espionage (Mich Kabay)
  Stingers (Bob Frankston)
  Chinese Airline Crashed a British Aerospace-made 146 "Whisperjet" (Li Gong)
  Biz Card Machine -- New Risk! (Dan Hartung)
  Re: Earthquake "early warning" systems (Lauren Weinstein, Brian Herzog)
  Re: Credit Cards on the Internet (Blake Sobiloff, Nandakumar Sankaran, Matt Crawford)
  Re: Seecof's reading ability (Mark Seecof)
  Dependability conference; call for participants (Jeremy Jacob)
  High-assurance software courses (Nancy Leveson)
  Centre for Software Reliability Workshop 1993 (Pete Mellor)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its Usenet counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@vortex.com).
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: 27 Jul 93 11:16:20 EDT
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: Computer-aided tax fraud

By Denise Lavoie, Associated Press Writer (from the AP)

Norwalk, Conn. (AP) -- A day after its owner admitted cheating the government out of $6.7 million in taxes, Stew Leonard's dairy and produce store was accused Friday of mislabeling weights on hundreds of items.

It seems that almost half of 2,658 tested products were short-weighted or had no weight listed on the label.

As for the tax fraud, the criminals apparently removed records of $17.1 million in sales figures "in a computer-aided tax fraud scheme." The data diddling meant they failed to pay $6.7 million in taxes. The penalty is that they must pay $15 million in back taxes and fines.

Would someone from that area of the country please post additional details on how the computer scam operated?

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: 27 Jul 93 11:16:36 EDT
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: Industrial Espionage

Lopez Said To Order GM Papers; Volkswagen Denies Receiving Documents
Washington Post, 23 July 1993
By Frank Swoboda and Rick Atkinson, Washington Post Staff Writers

Secret General Motors documents seized recently at a Wiesbaden apartment by German investigators were prepared at the request of former GM executive Jose Ignacio Lopez de Arriortua before he joined rival Volkswagen, German prosecutors said yesterday.

The article goes on to explain that the documents included information about Opel (General Motors in Europe) new Vectra car and about a top-secret "O" car.
Both Lopez and VW deny any impropriety and denounced the prosecutor's public announcement.

An intensive search of VW's computer systems is apparently going on to see if GM proprietary data have been stored there.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: Tue, 27 Jul 1993 11:53 -0400
From: Bob_Frankston@frankston.com
Subject: Stingers

There was a recent article about the US trying to buy back Stinger antiaircraft missiles before they got sold to others. This sounds like another version of the stories about government installations being rather lax about complying with pollution control requirements. Similarly, security considerations should include a time limit on small powerful weapons.

I presume that worry about the future is not a checklist item. Does anyone on this list know more about the issues involved?

------------------------------

Date: Mon, 26 Jul 93 11:32:31 -0700
From: Li Gong
Subject: Chinese Airline Crashed a British Aerospace-made 146 "Whisperjet"

BEIJING (UPI, July 23, 1993) -- [PGN Excerpting Service]

A Chinese Northwest Airlines flight carrying 113 people bounced off the runway and plunged into a lake in Yinchuan, the capital of Ningxia province, in a remote part of west China, on 23 Jul 1993, killing 59 people. The airliner attempted two takeoffs. The first was aborted. On the second, it ran off the runway, dropped into a lake, and broke apart.

Flight 2119, a British Aerospace 146, was on a scheduled flight to Beijing. Ian Watson, director of regional operations for British Aerospace, said that "In the 10 years since it came into service, the BA-146 has compiled one of the finest safety records in the world."

The last major airline disaster in China occurred in November when a China Southern Airlines Boeing 737 crashed into a mountain in the south China tourist city of Guilin, killing all 141 aboard.
China has halted the establishment of new airline companies to improve air safety and tighten control over expansion in civil aviation. About 35 airline companies have sprouted up in China since CAAC relinquished control over the industry in 1988, faster growth than in any other country. China has only 109 airports, a fraction of those in developed countries, but passenger volume rose more than 24 percent in the first half of this year over last year.

------------------------------

Date: Mon, 26 Jul 93 12:55 CDT
From: dhartung@chinet.com (Dan Hartung)
Subject: Biz Card Machine -- New Risk!

An unusual (and probably unexpected) risk has appeared -- business card vending machines. I saw my first one at a service plaza on the Indiana Toll Road (I-80/90). Basically, it's a simplified desktop publisher that will print out a variety of business card formats; you just enter your information. The prices were, of course, outrageous -- whereas I paid something less than 2 cents/card last time I had some printed professionally, this was at least 10 times that, even in quantity. Well, I suppose that a traveling salesman in an emergency ....

Anyway, the risk comes in here: the instructions suggest that you first purchase a small number of cards to be sure they print correctly; you can later put in more money and print out a larger quantity if you like what you see. Then this: "The machine stores your information for several minutes."

So, presumably, one could walk away from one of these machines with your cards reading "John Smith, Computer Consultant, 10 Takeita Way, Suckerstown, MD" and return from your business trip to find your house burgled of everything resembling a computer ... simply because someone went up to the machine after you left and printed out a set of their own. Or a woman could give away, unwittingly, her otherwise unlisted home phone number to a deep breather. And so on.
Again, as with so many of the risks discussed here, there is a debatable amount of privacy invasion on what is basically public information ... but information that is given to people you would otherwise NOT want to have it.

Postscript: another risk was illustrated here -- a sample "business card" inscribed with a semiliterate harangue along the lines of "You shouldn't park here, your license plate has been recorded by an anal-retentive mentally unstable person, and if you park here again a pickup truck with no insurance will wipe it back and forth along that nearby concrete wall." More or less identical in demeanor to the mail one gets for mis-posting. Three times as long, of course, and partly CAPITALIZED in TIME-HONORED Usenet NEWBIE style. Yet I believe that such a card, slipped under someone's wiper, would constitute legal assault. (IANAL.) And these people are *advocating* this? Yikes.

------------------------------

Date: Wed, 21 Jul 93 21:17 PDT
From: lauren@cv.vortex.com (Lauren Weinstein)
Subject: Re: Earthquake "early warning" systems

Living here in the L.A. area, where earthquakes are certainly more than an academic concern, I can't help but question the usefulness of a warning system that gives, perhaps, 15 to 30 seconds of panic time. And I do mean panic time--because that's what most people would do.

Primarily, most folks would probably try to rush out of buildings (just like they do when quakes start, even though they should know better). Lots of them will get out the door just in time to get hit by falling debris when the quake hits, which they could have avoided if they had just stayed inside.

That's all assuming that the quake *does* hit. If the alarm is false, you can bet that the *next* time the alarm fires it will be generally ignored--for better or worse.
One can certainly argue that the solution is education and training and such--but human nature being what it is, you can bet that if people believe the alarm, most of them are going to do pretty much the wrong thing in response, especially when the duration in which to act is very short.

The real effort should go into upgrading of older buildings that predate modern earthquake area construction standards-- it's with those buildings that most injuries and deaths are likely to occur.

I'm reminded of an old "Saturday Night Live" skit. It was a fake commercial for a device passengers could carry on planes that would give them 10 seconds warning (or some such) of midair collisions. The guy is sitting calmly in his seat when the box starts beeping. He grabs it and stares at its display. He yells: "We're going to be hit by a 747! (SCREAM!)"

--Lauren--

------------------------------

Date: Sun, 25 Jul 1993 13:45:40 +0800
From: herzog@dobbs.eng.sun.com (Brian Herzog - SunSoft Product Engineering)
Subject: Re: Earthquake `early' warning system (Stead, RISKS-14.77)

>The most damaging waves will arrive no earlier than an average
>velocity of 4.5 km/s. This would appear to give 45 seconds warning at 100 km.

Er, my calculator says this would give 22 seconds warning at 100 km, which makes the economic feasibility of an early warning system even worse than stated. I do hope the quote above is a typical email typo, and not an accurate extraction from the California study!

Brian Herzog

------------------------------

Date: Thu, 22 Jul 1993 13:47:26 -0500
From: sobiloff@lap.umd.edu (Blake Sobiloff)
Subject: Re: Credit Cards on the Internet

(I hope this doesn't sound too much like an advertisement...)

Reiter's Scientific & Professional Books, a great bookstore in Washington, D.C., is now on the Internet and is accepting credit card orders over the Internet for book orders. Orders and inquiries can be sent to "books@reiters.com" while comments can be sent to "rbaker@reiters.com".
I enquired about exactly how they wanted me to give them my credit card number, and they replied that they actually prefer to set up an account over the phone with the pertinent information, and then give you an account number. You then transmit the account number to them via email to place an order. They did not, however, reject the possibility of conducting business via email without voice verification. My suggestion to look into public key encryption went unanswered...

Blake Sobiloff, Laboratory for Automation Psychology, Department of Psychology
University of Maryland, College Park, MD 20742-4411

------------------------------

Date: Thu, 22 Jul 93 12:56:26 EDT
From: nandu@cs.clemson.edu
Subject: Credit Cards on the Internet

This is further to the ongoing discussion on using credit cards over the internet.

To ensure security and escape the (possibly) prying eyes of administrators at the sites through which a mail (ordering a product to be paid through a credit card) passes, the sender could encrypt his/her request. The key used for encryption could be a special INTERNET PIN that the credit card company assigns while issuing the card, just like the one assigned for ATM transactions through the card.

At the receiving end, the dealer simply forwards the mail to the credit card company and waits for authorization from them. The dealer does not know the card number since the mail is encrypted. The credit card company could decrypt the mail, since they know the sender's name and maybe the ZIP code (of course when the mail is encrypted, this information should not be) and hence can find out the card number and the special INTERNET PIN. Once they decrypt the mail, they can verify if the original sender listed the correct card number in his/her mail. Once verified, they can authorize the dealer to accept the request depending on the cost of the product and the balance on the customer's account.
Nandakumar Sankaran, G34, Jordan Hall, Clemson University, Clemson, SC 29634
(803) 656 6979  nandu@cs.clemson.edu

------------------------------

Date: Thu, 22 Jul 93 20:17:46 CDT
From: matt@severian.chi.il.us (Matt Crawford)
Subject: Re: Credit Cards on the Internet (Robinson, RISKS-14.77)

> (1) Soliciting CC transactions might violate the Acceptable Use
> Provisions (doesn't apply if your feed is from a commercial
> internet connection.)

I believe the parenthetical remark is quite incorrect. Traffic on sponsored networks must conform to the AUPs, even if it originates on a commercial net. I know I received a couple of solicitations out of the blue from people who didn't understand this, and who now know better.

Matt Crawford

------------------------------

Date: Wed, 21 Jul 93 16:26:48 -0700
From: Mark Seecof
Subject: Seecof's reading ability

Despite Bidzos' attempt to bolster his DSS royalty defense by attacking my literacy (he's wrong, BTW) and by weaseling that a "royalty" is not a "tax" (I only said an unavoidable royalty "amounted to" a tax) I think he fails to show that my comparison of NIST/PKP's proposal to a tax is invalid. Bidzos could have argued that it was overdrawn, less apt than another analogy, or even wrong on some concrete grounds. But his complaints are weak if strident.

And talk about charging for DSS implementations rather than uses (at least for the nonce) draws a distinction without a difference. The U.S. taxes bottles of liquor, not individual drinks poured at home, but economists will agree that you pay every time you swallow. Whether a tax is mills per ton or dollars per ounce is not the point, anyway. As for that $1 per certificate... Bidzos says users won't pay it--I think he's wrong. Users pay for everything in the end.

Also, the stuff about "free for government use" is smokescreen. It's private use that matters, including, especially, private use to communicate with the government.
I cannot find, even by the closest scrutiny of the NIST/PKP announcement, any promise to relieve users of royalties on products they use to communicate with the government. (Possible loophole: gov't could supply DSS implementations to users royalty free; but that would depart from custom.)

Mark Seecof

------------------------------

Date: Tue, 27 Jul 93 08:59:08 BST
From: Jeremy.Jacob@prg.ox.ac.uk
Subject: Dependability conference; call for participants

Institute of Mathematics and Its Applications
Conference on THE MATHEMATICS OF DEPENDABLE SYSTEMS
1--3 September 1993
Royal Holloway, University of London, Egham, Surrey, England

Invited speakers:
  Prof. David Parnas (McMaster University)
  Dr. Charles Pfleeger (Trusted Information Systems (UK))
  Dr. John Rushby (SRI International)
  Mr. Martyn Thomas (PRAXIS)

Conference fees (pounds sterling), includes lectures, abstracts, coffee, lunch and tea:
  IMA members           #185.00
  Non-members           #245.00
  IMA student members   #145.00
  Student non-members   #185.00

Residential fees (pounds sterling), includes bed, breakfast and dinner for 3 nights: #110, #130 or #150 depending on accommodation booked.

Further details are available from:
  Mrs Pamela Irving, Conference Officer
  The IMA, 16 Nelson Street, SOUTHEND-ON-SEA
  Essex SS1 1EF England
  Telephone: +44 702 354020
  Facsimile: +44 702 354111

------------------------------

Date: Mon, 26 Jul 93 08:13:27 -0700
From: leveson@cs.washington.edu (Nancy Leveson)
Subject: High-assurance software courses

Announcing two courses in high assurance Software:

  An Introduction to Software System Safety, Oct. 25-27    Nancy Leveson
  A Tutorial on Software Testing, Oct. 28-29                Debra Richardson

Location: University of California, Irvine, CA

AN INTRODUCTION TO SOFTWARE SYSTEM SAFETY, Oct. 25-27

In order to ensure and certify that software will execute without resulting in unacceptable risk, changes to normal software development practices are necessary.
This tutorial will focus on the unique problems involved in building safety-critical software and describe some techniques that can be used to enhance the safety of software-controlled systems. Emphasis will be on procedures and techniques that are practical enough to be applied to projects today. Real-project experiences with these techniques in different application areas will be described.

Topics:

  Basic Principles of Risk
    Basic concepts in risk
    Why technological fixes may not reduce risk
    Using past experience to prevent future accidents
    How safe is safe enough?
    Do computers reduce or increase risk?

  System Safety Engineering and other Approaches to Engineering Safety
    What is system safety
    The system safety process and tasks
    Software system safety
    Application-specific approaches
    Standards

  Management Issues for Safety-Critical Projects
    Instituting a safety culture into the organization
    How management contributes to accidents
    Role of safety management (including software)
    Place in the organizational structure
    General process (for small and large organizations)
    Documentation
    Cost and resource requirements

  Models of Accidents and Hazard Analysis
    General types of analysis techniques
    Limitations and sources of uncertainty
    Software Hazard Analysis
    Software Requirements Analysis
    Qualitative vs. quantitative analysis

  Principles of Safe Design
    The design process
    Issues in safe design
    The relationship between software design and safe system design
    System safety design techniques and their application to software design
    Software safety design analysis

  Verification and Validation of Safety
    Testing for safety
    Static software analysis including Software Fault Tree Analysis

  Design of Human/Machine Interaction for Safety
    The role of humans in accidents
    The role of the HMI in accidents
    The need for and role of human operators in automated systems
    Human error models
    General design principles and approaches
    Software design issues

A TUTORIAL ON SOFTWARE TESTING, Oct. 28-29

The intent of this tutorial is to equip managers, software engineers, and test engineers with an understanding of testing technology to enable them to promote software testing in their organizations from an ad hoc, labor intensive, error-prone activity to a disciplined, technology-supported process. Emphasis is on techniques that are practical today. Some underlying testing theory will be presented to provide a foundation for evaluating testing technology, and several new approaches will be discussed. Issues of selecting complementary techniques and integrating them to achieve a comprehensive testing process are also addressed.

Topics:

  Software Testing Principles
    Definitions and basic principles
    Testing concepts
    Psychological factors
    Economic impacts

  Managerial Considerations
    Views of software testing
    Contributions to quality
    Testing phases and activities

  Test Planning
    Goals and objectives
    Developing a test strategy
    Test specifications and procedures
    Evaluating and reporting results
    Test process improvement

  Proactive Software Testing
    Technical Reviews
    Rapid Prototyping

  Software Testing Techniques
    Functional testing
    Structural testing
    Error-Oriented testing
    Integration testing
    Software system testing
    Evolution testing
    Developing test oracles

  Tools and Environments
    Static/dynamic analysis tools
    Test generation tools
    Test Management tools

  Methodology and Process
    Hybrid testing techniques
    Technique integration
    Formalized process

  Test Set Adequacy and Metrics
    A theoretical view
    Software metrics in testing

  Process Assessment/Improvement
    Process performance measures
    Test process assessment
    Improving the testing process

[For bios of Leveson and Richardson, and registration information, send E-Mail to leveson@cs.washington.edu (Nancy Leveson).]
------------------------------

Date: Sat, 24 Jul 93 17:02:26 BST
From: Pete Mellor
Subject: CSR Workshop 1993

CSR (Centre for Software Reliability)
TENTH ANNUAL WORKSHOP
CO-HOSTED WITH JUSE
Japanese Union of Scientists and Engineers

APPLICATION OF SOFTWARE METRICS AND QUALITY ASSURANCE IN INDUSTRY

PROVISIONAL PROGRAMME

Supported by the CEC under the Human Capital and Mobility Programme

The Grand Hotel, Oudezijds Voorburgwal 197, 1001 EX Amsterdam, The Netherlands
29th September - 1st October, 1993

CENTRE FOR SOFTWARE RELIABILITY
Tenth Annual Workshop
Application of Software Metrics and Quality Assurance in Industry

WEDNESDAY 29TH SEPTEMBER

08.30-09.30  REGISTRATION AND REFRESHMENTS

Chair: Norman Fenton, City University, UK

09.30-10.30  Keynote Address: "Applying the Goal/Question/Metric Paradigm in the Experience Factory"
             Vic Basili, University of Maryland, USA
11.00-13.00  Tutorial: "Management Aspects of Software Reuse"
             Sadahiro Isoda, Nippon Telegraph and Telephone Corp., Japan
13.00-14.15  LUNCH

Chair: Bev Littlewood, City University, UK

14.15-15.15  Keynote Address: "Now it's the turning point for the Japanese Software Industry"
             Yoshinori Iizuka, The University of Tokyo, Japan
15.45-17.45  Tutorial: "Setting up a Software Metrics Programme in Industry"
             Shari Lawrence-Pfleeger, Systems/Software, USA and City University, UK

THURSDAY 30TH SEPTEMBER

Chair: Robin Whitty, South Bank University, UK

09.00-09.30  "The Role of Quality Staff in Software Development"
             Masanobu Hattori, Fujitsu Ltd, Japan
09.30-10.00  "Making Software Metrics and QA happen: practical experiences in Italy"
             Gualtiera Bazzano, ETNOTEAM, Italy
10.00-10.30  "Product Development and Quality Assurance in the Software Factory"
             Katsuyuki Yasuda, Hitachi Ltd., Japan
11.00-11.30  "Industrial Experience - Working with AMI"
             Richard Espley, GEC-Marconi Avionics Ltd., UK
11.30-12.00  "Software Measurements - an Evolutionary Approach"
             Norbert Fuchs, Alcatel, Austria
12.00-12.30  Title to be announced
             Karl-Heinrich Mueller, Siemens, Germany
12.30-14.00  LUNCH

Chair: Yoshinori Iizuka, University of Tokyo, Japan

14.00-14.30  "Using Function Points for Software Cost Estimation - Some Empirical Results"
             Barbara Kitchenham, NCC, UK
14.30-15.00  "Evaluating Effort Prediction Systems"
             Claude Stricker, University of Lausanne, Switzerland
15.00-15.30  "Use of Function Points for Estimation and Contracts"
             Jolyn Onvlee, Onvlee Opleidingen, The Netherlands
16.00-16.30  "Quality Practice in the Industry"
             Roberto Ciampoli, O. Group SpA, Italy
16.30-17.00  "Beyond SEI's CMM - the BOOTSTRAP Approach for Profiling and Measuring Software Engineering Processes"
             Gunter Koch, 2i Industrial Informatics GmbH, Germany
17.00        PANEL DISCUSSION: "Do Quality Assurance Procedures Lead to Measurable Quality Improvements?"
             Tom Anderson, Bev Littlewood (CSR, UK)
             Vic Basili (Maryland, USA)
             Bill Hetzel (SQE, USA)
             Sinclair Stockman (British Telecom, UK)
             Yoshinori Iizuka (University of Tokyo, Japan)
             Toshiro Ohno (Toshiba, Japan)
             Mitsuru Ohba (IBM, Japan)
             Ayatomo Kanno (Science University, Tokyo, Japan)
19.30        WORKSHOP BANQUET

FRIDAY 1ST OCTOBER

PARALLEL SESSIONS

Chairs: Norman Fenton, City University, UK
        Tom Anderson, Univ. of Newcastle upon Tyne, UK

09.30-10.00  "Complexity Traces: an Instrument for Software Project Management"
             Christof Ebert, University of Stuttgart, Germany

             "Introducing Metrics into Industry: a Perspective on GQM"
             Richard Bache, Infometrix, UK, & Martin Neal, Lloyd's Register, UK

10.00-10.30  "Measurement through the Software Life-cycle: a Comparative Case Study"
             Bob Cole and Derek Woods, Glasgow Caledonian University

             "Practical Implementation of Process Improvement Initiatives"
             Paul Goodman, Brameur, UK

10.30-11.00  "Integrating Software Quality Assurance into the Teaching of Programming"
             Edmund Burke, University of Nottingham, UK

             "A Case History of Automated Incremental Improvement of Software Product Quality"
             Les Hatton, Programming Research Ltd., UK

11.30-12.00  "QUANTUM - A Measurement-based Framework for Software Quality Assurance"
             Chris Miller, Praxis, UK

             "Experience of Introducing Quality and Measurement in Telecommunication Software Development"
             Sinclair Stockman, British Telecom, UK

12.00-12.30  Title to be announced
             Francois de Nazelle, Q-Sys, France

             Title to be announced
             Yannis Kliafis, Greece

12.30-13.45  LUNCH

Chair: Barbara Kitchenham, NCC, UK

13.45-14.45  "Measuring the Measurements: the Technology for Measuring Software Practice"
             Bill Hetzel, Software Quality Engineering, USA
14.45-15.15  "A Framework for System Development Activities and Responsibilities - Quality Improvement by filling up the Communication Gap"
             Minoru Itakura, Fujitsu Ltd., Japan
15.45-16.15  "Situational Measurement"
             Hans van Vliet, Vrije Universiteit, The Netherlands
16.15-16.45  "The Behavioural Analysis makes the Company Mature"
             Ryuzo Kaneko, NEC Corp., Japan
16.45-17.15  "Function Points" (exact title to be announced)
             Martin Hooft van Huysduynen, Ing Bank, The Netherlands

[The full registration materials were too long for RISKS, and have been pared down. Request on-line registration information and other information by E-Mail from c.allen@csr.city.ac.uk, or contact Ms. Carol Allen, Centre Manager, Centre for Software Reliability, The City University, Northampton Square, London EC1V OHB UK, Tel: +44 71 477 8421, Fax: +44 71 477 8585]

------------------------------

End of RISKS-FORUM Digest 14.78
************************