Subject: RISKS DIGEST 16.01
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Monday 2 May 1994 Volume 16 : Issue 01

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

Contents:
Vandalism disrupts service at UK University (Peter Ladkin)
Subjectively, it's eerie (Phil Agre)
Miniature cameras on Sacramento-area alarm systems (Dan Zerkle)
DIA delays due to programmers, mayor implies (Bear Giles [2])
Re: DMV Computer upgrade goes awry... (Shel Kaphan)
Re: Unusual Newspaper Error (Stewart Rowe, David Wittenberg, Daniel B. Dobkin)
Re: MIT student arrested for BBS ... (Fredrick B. Cohen)
"The Streetwise Guide to PCs" by Jerome/Taylor (Rob Slade)
Computer-Aided Verification 94 Conference Announcement (David Dill)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Sat, 30 Apr 1994 11:35:23 +0200
From: Peter Ladkin
Subject: Vandalism disrupts service at UK University

Early on Monday 18th April, a vandal exploiting a not-unknown security hole started disrupting services and corrupting files at Stirling University in the UK. Stirling University is a SuperJanet site, with a microwave link to Edinburgh. The entire site was affected.

I was working intensively with a colleague in Stirling at the time. My experience was that the site was unreachable by Internet services for over 24 hours, and that telnet and ftp services were seriously degraded for 3-5 days. Email service was unavailable for 2-3 days.

It would be conservative to estimate that at least 6 person-weeks of expert time were required to discover and repair the damage. I cannot assess the amount of disruption, not only in terms of work time lost but in terms of reorganising one's planned work time, to users of the systems.
It must be considerable, if my experience is any guide.

Someone believed to be the vandal, and a member of the University, was identified I believe on Tuesday 19th. I understand he is no longer on University premises, and the University authorities are considering what further action is required.

Because of possible legal proceedings, I'll identify my sources of information and exactly what they said in an Appendix. In a separate submission, I'll offer a few comments of my own on this incident.

I had been a member of the Stirling Department of Computer Science and Mathematics for 18 months up until April 94. Knowing that it was an `inside job', I queried a colleague as to whether more than one member of the department knew the suspect. The answer was yes. From this information alone, I was able to identify my own suspect X, and ask whether X was any longer around, or whether anyone expected to see him back. The answer confirms to me with high probability that X is the suspect. (I note that nothing has been proved concerning X.)

If X did it, the process by which he came to it would be interesting, both for psychologists and for those who wish to secure their systems against corruption. [I'll drop the conditional and use the indicative, for stylistic not semantic reasons. Readers should reinsert it, since nothing has been proven against X.] And it provides a cautionary tale that shows how vulnerable we all are. After the fact, I can guess who X is with a bare minimum of hints. However, before the act, only X's therapist, if he had one, is likely to suspect that anything may happen. And of course, in any case if he had been able to communicate his feelings to anyone sympathetic or understanding - but otherwise uninvolved - the chances are that the incident would not have happened.

It's a very self-destructive act. Playing with computers is an important part of X's life, and indications are that he was good at it and liked it.
Now, no one but no one is likely to offer him a job doing it. A major part of his life is in ruins. Despite all else, I can feel some sympathy for what must be his current plight. It isn't even zero-sum. Everyone has lost in a big way. [And it must be far, far worse for him if he's not the culprit!]

Peter Ladkin

Appendix: Sources of Information.

I talked to the Senior Computer Officer of the Department of Computing Science and Mathematics by phone on Tuesday 19th. He confirmed that the Stirling site was off the Internet on Monday, that disruption started early Monday morning, luckily just after Computer Science had made backups of their subnetwork of systems. He confirmed an estimate of at least 3 person-weeks of the DCSM staff, and suggested at least an equal number for Computing Services staff, to identify damage and effect some repair. He said that the disruption was caused by someone exploiting a not-unknown system weakness, and that a suspect who was a member of the University had been identified and removed from the site. He identified the gender of the suspect by his choice of pronoun. He gave no further information, citing administrative and legal responsibility.

I talked to one member of the Department of Computing Science and Mathematics, who confirmed that a suspect was known to more than one member of the Department, and that he (male) was identified through a piece of `luck'.

Peter Ladkin, CRIN-CNRS & INRIA Lorraine
BP 239 54506 VANDOEUVRE-LES-NANCY FRANCE
(+33) 83 59 20 14 (Msgs 20 00) Peter.Ladkin@loria.fr

------------------------------

Date: Sun, 1 May 1994 13:05:12 -0700
From: Phil Agre
Subject: Subjectively, it's eerie

In the 5/1/94 Sunday New York Times, the Business section includes one of those nice experiential articles about new technology, in this case a Ford with DSP circuitry in it that makes the inside of the car sound like a cathedral (concert hall, night club, opera house, stadium, etc).
The full reference is: Hans Fantel, A recital hall on wheels, New York Times, 1 May 1994, Business section page 7. Here is a brief quotation:

"Subjectively it's eerie. Sitting inside this hologram, I felt bathed in music, virtually forgetting where I was. Engine and traffic noises faded from awareness. The car somehow seemed like a space capsule. I was gliding along, swathed in Puccini, while outside the harried scenes of Manhattan rolled by like a silent movie."

On the same page is another article about plans by the US government and Rockwell International for "intelligent vehicle highway systems".

Phil Agre, UCSD

------------------------------

Date: Sun, 1 May 94 00:35:54 PDT
From: zerkle@cs.ucdavis.edu (Dan Zerkle)
Subject: Miniature cameras on Sacramento-area alarm systems

The April 24 edition of the Sacramento Bee (page B5, staff writer) publishes a story about a miniature camera that will "revolutionize" the Sacramento area security alarm industry. Some important points of the article:

A miniature "camera on a chip," about the size of a postage stamp, is attached to an alarm system.

When the alarm is tripped, the camera sends four pictures back to the alarm monitoring service. Presumably, the pictures are digitally encoded and sent through some sort of modem. The first picture arrives twenty seconds after the alarm is tripped.

Police are particularly excited about this because it will let them use the pictures to detect false alarms.

The system is intended to be used in a wide variety of businesses, and also residences.

The photographs will be usable as evidence in court against robbers and burglars.

The camera is so small that it can be easily hidden anywhere.

It is also inexpensive -- one third to one half the cost of a closed-circuit video camera.

"The pictures come out pretty clear," according to a police communications supervisor.

The device was developed by Automated Security Holdings in England, licensed to TVX Inc.
of Broomfield, Colorado, and test-marketed by Roseville Telephone (near Sacramento).

.....

The risks? Many. Here are a few:

It only takes four pictures, which are presumably freeze-frames. A burglar may trip the alarm yet not be photographed (perhaps going by the camera between pictures). The alarm agency or police may see that the pictures don't show anything, and thus believe that it is a false alarm. They may then decline to respond or may respond inappropriately.

This is a perfect spy device, and will be easily available at a price less than a simple video camera. The potential abuses of such a device are many, but employee monitoring is one. Your boss could point one at your work area to watch you, and you'd never know. A hidden security camera is really a spy camera, equivalent to an audio bug. In fact, the article mentions that it could be used against internal thefts.

If someone says the pictures are "pretty" clear, that means that they aren't entirely clear. If police trust pictures too much, the potential is there for police to misidentify a suspect (based on a picture), but firmly believe that they are right. This is especially likely if the pictures are monochrome. As the first picture arrives in twenty seconds, they are certainly low resolution (consider connection time for the modems).

A camera in my residence? What if it starts sending pictures back to the alarm company at random? What if some voyeur at the alarm company figures out how to get pictures whenever he wants?

Most people who have these alarm systems will not know how they work, so they won't be aware of these risks.

A remote digital camera would be useful in some situations. For instance, it could send pictures of a bank robber holding a gun, so that the police could more easily identify a suspect. The main risk here is (again) too much trust in the technology. Also, there's not a great need to hide a security camera. You generally want potential crooks to know they're being monitored.
Dan Zerkle zerkle@cs.ucdavis.edu

------------------------------

Date: Sat, 30 Apr 1994 11:21:16 -0600
From: Bear Giles
Subject: DIA delays due to programmers, mayor implies

The Saturday, 30 April 1994 issue of the _Rocky Mountain News_ (and probably every other paper within 500 miles) had a massive front page story on the utter failure of the luggage system during tests at Pena International. (IMHO these design failures have reached the point where the current Secretary of Transportation needs to answer some questions.)

Apparently, Mayor Webb is considering an *indefinite* delay, at the request of the hub airlines United and Continental.

Of interest to comp.risks readers are the following paragraphs from the article:

    Webb, who has regretted setting -- and missing -- other airport deadlines during his three years in office, said another one isn't a good idea.

    Although deadlines motivate some people, they don't work well for computer programmers who must fix what is wrong at DIA, he said.

Strictly speaking, this is probably true. The incredible design flaws (e.g., designing the airport to use an untested luggage transportation system with *no* fallback capability) and construction snafus (e.g., the "messy" power system despite contractual agreements to provide a "clean" power feed, leading to significant delays while BAE scrambled to find power filtering equipment) leave software as the only practical way of getting out of this mess. And very few experienced programmers would tolerate the same people who have screwed up things to this extent trying to impose an unrealistic deadline on them now...

... but Joan Q Public will undoubtably read this as yet another example of computer software screwing up the system. It's the 90's -- your dog didn't eat your homework; the software garbled it!

It's almost enough for me to move 30 miles so I can vote against Webb in the next election.
:-)

Bear Giles bear@cs.colorado.edu/fsl.noaa.gov

------------------------------

Date: Sat, 30 Apr 1994 15:33:11 -0600
From: Bear Giles
Subject: More on DIA fiasco

Reading later articles (there were several pages of DIA coverage today, not just Mayor Webb's flamebait), it appears the scapegoat du jour for the DIA delay is the "buggy software" that reads the bar codes in the luggage and determines where to send the cart.

A fascinating (for the wrong reasons) newspaper article included such interesting factoids as:

    Software -- essentially the brains of a computer system -- is so complex that a misplaced comma or an omitted semicolon can crash entire computer systems. Even the smallest error can cause a ripple effect that turns into a tidal wave of the kind that swamped AT&T's main switching system several years ago and shut down nearly 90% of the phone company's domestic long-distance operations for hours.

Strange how us computer types have never figured out how to check for syntax errors like this. (Compilers can't catch all such errors, but that's why we set up human checks like coding standards and code walkthroughs.)

    The BAE system employs laser scanners that read bar-coded labels placed on baggage. Experts say that means the BAE computer system probably employs real-time, numerical-control software.

Hmm... doesn't "numerical control" refer to machining equipment?

    At Louisville-based Storage Technology Corp., such software is a key feature of the company's robotic tape library storage systems. "What they are probably seeing, and I saw it many times, is that you fix one problem and you're just peeling back a layer of the onion," said Mark Hopkins, an engineering manager for StorageTek.

Which explains why Iceberg has been such a successful product.

Strangely absent from the article is the reason Denver (or BAE) decided to build a system which reads tags on luggage (which can be oriented in an arbitrary direction) instead of reading permanent tags on the cart itself.
The latter case would require keeping track of what luggage is in which cart, but eliminates all of the headaches of reading the tags on the luggage itself. (Hmm, the wording of a newspaper graphic implies that a copy of the luggage tag may be placed on the cart as well, but its alignment may not be perfect.)

Even stranger was an item in another article which identified "gaps" in the tracks as the biggest problem right now (the software being a bigger long-term problem). It seems the wheels on the cart are falling into gaps between sections of track, causing jams or derailments. (Falling luggage is a serious construction worker hazard.)

This is truly bizarre since the luggage system is in a protected environment, located in underground tunnels. For the tracks to be damaged by "vibration" caused by a couple limited tests implies that this infrastructure was *seriously* underdesigned.

Bear Giles bear@cs.colorado.edu/fsl.noaa.gov

[Various articles also noted by greg@imsl.com (Greg Holling), who also contributed similar analyses. Greg, thanks. PGN]

------------------------------

Date: Fri, 29 Apr 1994 21:11:15 -0700
From: sjk@netcom.com (Shel Kaphan)
Subject: Re: DMV Computer upgrade goes awry...

    SACRAMENTO - The California Department of Motor Vehicles has informed a flabbergasted legislative committee that it has spent $44.3 million on a computer modernization program that will never work. ...

Note that this amount of money is approximately equal to the $50M per year in highway funding that the federal government has been withholding from California because we have not yet instituted the rule that anyone caught in possession of any amount of any illegal drugs or prescription drugs without a prescription will have their driver's license suspended for six months. That's whether you're driving at the time or not.
According to the SJ Mercury News a week or two ago, the CA state legislature is most unlikely to put off adoption of this rule any longer, presumably at least in part because of the effect of recent disasters on highway construction budget requirements.

Even without the DMV debacle the state might have decided to do this, but perhaps one can hold them partially responsible for the declining quality of legislation these days.

Shel Kaphan sjk@netcom.com

------------------------------

Date: Thu, 28 Apr 1994 13:47:28 -0400
From: "Stewart Rowe"
Subject: Re: Unusual Newspaper Error

In Risks 15.79 I asked:

>Perhaps one of your readers can explain how the Midwest edition of *The New
>York Times* today had a photo on the front page with the caption. "Joseph P.
>Kennedy Jr. being arrested at the White House yesterday", with no further
>explanation or story anywhere in the paper?

Several respondents have reported that, in the Metro edition, the explanation was found in three paragraphs at the end of the adjacent story about Haitian refugees. Apparently these paragraphs were cut by the person who made up the continuation page in the Midwest edition, leaving Joe Jr. hanging there on page 1. (Yes, I checked back and they are not there in my copy).

Stewart Rowe usr2210a@tso.uc.edu

------------------------------

Date: Wed, 27 Apr 1994 10:31:19 -0500 (EDT)
From: David Wittenberg
Subject: Re: Kennedy arrest

According to the "Boston Globe", Congressman Kennedy and several other colleagues (7 or 8?) were arrested for demonstrating in protest of the US government's policy on Haiti. The arrests were made by the Park Service police. My guess is that the congressmen had every intention of getting arrested as a way of increasing publicity.

The error was in a correct, but misleading caption. We usually assume that when a politician is arrested it is unintentional.

--David Wittenberg dkw@cs.brandeis.edu

------------------------------

Date: Thu, 28 Apr 94 16:51:23 EDT
From: "Daniel B. Dobkin"
Subject: Re: Unusual Paper Error (Rowe, RISKS 15.79)

For what it's worth, my wife asked the same question, and she was looking at the New York Metro/Suburban edition. While I can't speak with any real authority about the Midwest (national) edition, I will say that in my experience the first page doesn't change much; the big difference is in the metro section: the national editions don't carry the local stories.

The picture with the caption ("Joseph P. Kennedy Jr. being arrested at the White House yesterday") accompanied the story about the Administration's policy on Haiti. While there was no mention of Rep. Kennedy anywhere in the story, it did state that (quoting from memory) "four members of the House of Representatives were arrested during a protest at the White House."

To my eye, this is sloppy copy editing, not a bona fide technology blunder.... The technology does seem to encourage such sloppiness, though, a fact to which our moderator (and the RISKS archives) will bear witness.

\dbd

------------------------------

Date: Tue, 26 Apr 94 16:16:01 PDT
From: Fredrick B. Cohen
Subject: Re: MIT student arrested for BBS ... (Cohen, RISKS-15.76)

Sorry - I was mistaken when I claimed that LaMacchia was arrested. The correction noted by Tim Shepard and Douglas Rand in RISKS-15.79 was accurate.

As to the issue of his intent to pirate software, that was not the charge against him. It was wire fraud! I have read the copy of the indictment and commentary and I find this awfully strange. Furthermore, I find little if any substantive evidence of intent to pirate software in my reading of the quotes from the indictment. If you assume he is innocent and ask yourself if these comments could have been innocently made by a person of that age in that environment, you may find that the assertion of guilt is not warranted.

FC

------------------------------

Date: Mon, 02 May 1994 12:50:25 -0600 (MDT)
From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067"
Subject: "The Streetwise Guide to PCs" by Jerome/Taylor

BKSTRTPC.RVW 940118

Addison-Wesley Publishing Company
Heather Rignanesi, Marketing, x340, 73171.657@Compuserve.com
P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario, M3C 2T8 CANADA
telephone 416-447-5101, fax: 416-443-0948
or
Tiffany Moore, Publicity tiffanym@aw.com
Bob Donegon bobd@aw.com
John Wait, Editor, Corporate and Professional Publishing johnw@aw.com
Tom Stone, Editor, Higher Education Division tomsto@aw.com
Philip Sutherland, Schulman Series 74640.2405@compuserve.com
1 Jacob Way, Reading, MA 01867-9984
800-822-6339 or 617-944-3700, Fax: (617) 944-7273
5851 Guion Road, Indianapolis, IN 46254, 800-447-2226
"The Streetwise Guide to PCs", Jerome/Taylor, 1993, 0-201-60839-1, U$14.95

Those of us who have been around the computer world for any length of time have seen a great many "How to Buy a PC" seminars, articles and user group meeting talks. They generally offer a lot of helpful advice and useful information for the novice. I have, however, often noted personal bias being delivered with the same force and weight as known and tested fact. The neophyte generally comes away with a much better knowledge of the computer market--but also with a number of unsubstantiated prejudices.

Here, then, is a book on the same topic. Containing far more material than any one-hour talk or magazine article, it nevertheless has some of the same tone. Those wise in the ways of computer purchasing will many times breathe an "Amen!" to much of what is here. There are also, however, personal biases and blind spots that the newcomer will have difficulty recognising.

Chapter one is a general diatribe against the industry as a whole. As vitriolic as it may sound to the newcomer, the authors may, in fact, be *under*stating the case. Chapter two states that software is central to the whole process, and gives tips for evaluating the major applications.
The remaining eight chapters are devoted to hardware.

There are some easily identifiable oddities. The statement that Windows' management of resources makes things easier obviously comes from someone who has never had to check the five completely different print menus under Windows to find out why nothing is coming off the printer. Some items seem to be subject to time lag, as with the insistence that 386 and 486 CPUs are maker-independent. (This might have been true earlier, but the 486 market is now an utter shambles.) The authors still cling to their claim that all surge protectors are created equal. I found the section on virus protection to be fairly reasonable--except that they still get the Stoned message wrong, think all scanners are equally effective, and don't know about shareware scanners. In fact, shareware doesn't get much of a shake in spite of the railing against overpricing and software bloat.

In addition, some of the recommendations for protection may give a false sense of security. The authors frequently repeat the refrain that one should never buy anything with cash or cheque: put it on a credit card so that you will have some fallback. The use of a credit card, however, does *not* necessarily protect you. Once you sign the charge slip, you are committed to honour that debt. The credit card company *may* choose to reverse the charge and not pay the merchant, but that is at *their* discretion, and they are not automatically on your side. (The credit card company may take several months even to decide whether or not to reverse the charge: the representatives I talked to, at the credit card service office, the local bank, the head office complaint department and the head office PR office refused to give any upper bound or time limit for a decision. The PR department initially stated that paying by card was the same as paying by cash, but refused to answer when asked to comment specifically about the case of defective equipment.)
You really are alone out there: I recently checked up on the Better Business Bureau, and found that while the technology the BBB is using for phone access to reports is impressive, the reports themselves are less so. A company which has had several disputes in the past, and has a current dispute outstanding, is listed as being in "satisfactory" standing, and the BBB had "received no complaints" during its existence. The BBB also had a chance to respond to this and indicated that it was because of their "standard reporting language" imposed from head office. (BBB is a franchise.) Complaints are not entered into the automated system until proven, beyond doubt, to be "valid": the consumer is not allowed an opportunity to respond to the final offer from the merchant. Decisions on validity are made by the BBB. The BBB is paid by the vendor. The conclusion is left as an exercise to the reader. (The General Manager of the local BBB stated that more detailed information is available from the counselors, although this is not made at all clear from the automated system. I checked this out later, and it turns out not to be the case. She also stated that most people deal with the counsellors rather than the automated system, which doesn't surprise me in the least.)

In the absence of any better, though, this book is to be recommended for beginners *before* they buy a computer. One of the particularly nice features is a sample advertisement introducing every chapter and dissected for "lies". Get some street smarts before you go buy a PC.

And never buy anything on the spot.

copyright Robert M. Slade, 1994 BKSTRTPC.RVW 940118

DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
DECUS Symposium '95, Toronto, ON, February 13-17, 1995, contact: rulag@decus.ca

------------------------------

Date: Mon, 2 May 94 11:42:09 PDT
From: dill@hohum.stanford.edu (David Dill)
Subject: Computer-Aided Verification 94 Conference Announcement

CONFERENCE ANNOUNCEMENT

Conference on Computer-Aided Verification
CAV 1994
Stanford University, June 21-23, 1994

The Sixth Conference on Computer-Aided Verification will be held June 21-23 at Stanford University. The conference will be followed on June 24th by a one-day workshop on practical aspects of computer-aided formal verification.

CAV 94 is sponsored by a group of companies with a strong interest in the topic area: AT&T, IBM, Intel, Motorola, Redwood Design Automation and Sun Microsystems.

[...]

FURTHER INFORMATION: You can send electronic mail to "cav@hohum.stanford.edu" if you want registration information, a copy of the program, or further information about the conference.

------------------------------

Date: 15 April 1994 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA) with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed. Users on US Military and Government machines should contact (Dennis Rears). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, send requests to (not automated).

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

ARCHIVES: "ftp crvax.sri.com login anonymous YourName cd risks: Issue j of volume 15 is in that directory: "get risks-15.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 14, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00. "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories. risks-15.75 gives WAIS info.

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

------------------------------

End of RISKS-FORUM Digest 16.01
************************