Subject: RISKS DIGEST 18.24 RISKS-LIST: Risks-Forum Digest Tuesday 2 July 1996 Volume 18 : Issue 24 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** Contents: Workmen strike at CERN (Al Smith) Ariane 5 Crash due to Faulty Software? (Andy Fuller) c4i-pro The Millennium comes early to GPS (Joe Gwinn via Tom Briggum ...) Police Computer Stolen (David Kennedy) Automatically generated typos in online Sydney Morning Herald (Tom McDermott) Grammar checkers (John Colville) The computer is always right - again (Hugh J.E. Davies) Metro Machiniste leaves train for coffee (Boyd Roberts) Blackmailing financial institutes - a real life story (Frank Rieger) Re: DoD and IRS tax systems (Dennis G. Rears, Scott A. Renner, Carl Minie) Digital Precipice: What the computer trade hides from their customers (Kirsten Raach on Markus Gaulke's book) ABRIDGED info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Wed, 26 Jun 1996 15:19:59 +0200 From: Al Smith Subject: Workmen strike at CERN After a shutdown of 6 months during which the LEP vacuum system was opened at many locations, the accelerator was started up on 14 June 1996. After 5 days of machine studies it became clear that there was an obstacle inside the LEP vacuum chamber close to Point 1. On the morning of 19 June the vacuum system was opened and 2 empty beer bottles, some 5 metres apart, were found inside the beam pipe. This incident has caused a 5 day delay in the setting up of the accelerator and will result in a reduction of about 10% of the time available for running LEP2 at the W pair production threshold (161 GeV) in 1996. ------------------------------ Date: Fri, 28 Jun 1996 09:11:45 -0400 From: Andy Fuller Subject: Ariane 5 Crash due to Faulty Software? According to the 24-30 June issue of *Space News* the 4 June 1996 explosion of the Ariane 5 rocket was caused by software in the inertial guidance system. Apparently an inertial platform from the Ariane 4 was used aboard the Ariane 5 without proper testing. When subjected to the higher accelerations produced by the Ariane 5 booster, the software (calibrated for an Ariane 4) ordered an "abrupt turn 30 seconds after liftoff", causing the airframe to fail. The article notes that a request to test the inertial platform under conditions similar to those produced by the Ariane 5 was "vetoed by CNES for budgetary reasons." Sextant Avionique, the builder of the inertial platform, has since performed these tests and confirmed that it would fail in an Ariane 5 launch. We are again reminded that crashing a simulator is lots cheaper than crashing a vehicle. Andrew C. Fuller Raytheon E-Systems | Box 12248 | St. Petersburg, FL 33733 acfa@eci-esyst.com (813)381-2000 x3194 | Fax:(813)381-3329 ------------------------------ Date: Thu, 27 Jun 1996 09:36 -0500 (EST) >From: tom_briggum@ccmail.nctamslant.navy.mil Subject: c4i-pro The Millennium comes early to GPS [Via Bruce_Walter@ccmail.orl.mmc.com and Bob Schaefer ] "tom briggum" Don't know the validity of the following, but it sounds authentic to me. Talk about your major C4I problem! ... Tom Briggum >From: gwinn[SMTP:gwinn@ed.ray.com] Sent: Wednesday, June 26, 1996 11:48 AM To: osswgx Subject: The Millennium comes early to GPS I have good news and I have bad news. The good news is that GPS will not have a "Year 2000" problem. The bad news is that GPS System Time will roll over at midnight 21-22 August 1999, 132 days before the turn of the millennium. On 22 August 1999, unless repaired, many or all GPS receivers will claim that it is 6 January 1980, 23 August will become 7 January, and so on. I would expect that some manufacturers have already solved the problem, but many have not. The details: Section 3.3.4(b) (page 33) of the ICD-GPS-200 rev B (30 November 1987 issue) states that the GPS Week count starts at midnight 5-6 January 1980 UTC (Julian Date 2,444,244.500), and that the GPS Week field is modulo 1024. This means that the week count will roll over 1024/52= 19.69 years from then, or in 1980+19.7= 1999, only a few years from now. Specifically, first rollover will occur at Julian Date (2,444,244.5 + 7*1024)= 2,451,412.500, which is midnight 21-22 August 1999 UTC. I could find no mention of any field in any GPS message that would tell you which 1024-week cycle you were in. In the July 1993 update of ICD-GPS-200, a note has been added (also on page 33) saying that the week number *will* roll over, and that users must account for this, but no way to accomplish this is mentioned. I take this note as further evidence that there is no way to tell, given only the signal-in-space definition as of July 1993. I have gotten some e-mail traffic indicating that, just as I had suspected, some manufacturers did realize that GPS would soon roll over, and were keeping it to themselves in the hope that the others would fall upon their swords. Not pretty. Our supplier was dumbfounded when I raised the issue, couldn't stop thanking me for pointing it out years before rollover. They clearly feel that it could have been a life-threatening disaster for them. Every GPS-related product they had ever made would have come back for repair, under warrantee, all at once. Too close for comfort. And, discovered by luck. The firmware in all older units will have to be replaced. This would involve replacement of PROMs; some are socketed, some are soldered. New units presumably will know better than to claim dates from before they were manufactured, and/or will allow the user to directly or indirectly tell the firmware which 1024-week cycle to assume, without requiring replacement of that firmware at the second rollover, in 1980+(2*1024/52)= 2019 AD. Some of this equipment will still be in use then, long after the manufacturer has forgotten the product. However, in spite of everything, not everybody will get the message, so system software will forever have to have an independent idea of what year it is, to know when to disbelieve a receiver or receivers (they could all be wrong), and to handle arguments between various GPS receivers (if only some are wrong). Without a GPS Simulator, there is no way for users to test a GPS receiver for this problem. All most users can do is to ask their manufacturer for a solution, and also to imbue the system software with a suitable degree of skepticism about GPS receivers' sense of time. My intent in posting this note is to alert the entire industry to the problem, allowing it to be solved with minimal disruption to all. As a technical matter, the solution is quite simple. It's the logistics that will take some years. Joe Gwinn ------------------------------ Date: 01 Jul 96 18:31:12 EDT From: David Kennedy <76702.3557@CompuServe.COM> Subject: Police Computer Stolen Courtesy of PA News via CompuServe's Executive News Service: POLICE COMPUTER SNATCHED FROM DETECTIVE'S CAR PA News 30 Jun 1996 Police Computer Stolen By Tim Moynihan, PA News >> A police computer has been stolen from a senior officer's >>car, it was confirmed today. >> Two youths snatched the laptop from a car being driven by >>Detective Superintendent Brian Edwards, who investigates major >>crimes in central London. >> Scotland Yard declined to comment on whether there was >>sensitive material on the computer though they stressed it was >>"security protected". o Taken by two youths when the car was stopped in traffic at about 1740 hrs Thursday June 27, 1996. o Police dismissed a report that the laptop contained information about two current, notorious cases, the Lawrence stabbing and the death of Member of Parliament Stephen Milligan, who was found naked except for suspenders and stockings with a plastic bag over his head and a noose of electrical cord around his---neck. >> Police advice to the public is not to put valuable items on >>the back seat, but to keep them in the boot. [DMK: Article makes no mention to the state of consciousness of the driver of a police car stopped in traffic. TBFTGOGGI (there but for....)] Dave Kennedy [CISSP] InfoSec Recon Team Chief, National Computer Security Assoc. ------------------------------ Date: Thu, 27 Jun 1996 19:26:06 +0200 From: Tom McDermott Subject: Automatically generated typos in online Sydney Morning Herald The online Sydney Morning Herald (*) of June 28, 1996 contains the following phrases: "arjpgicial turf" and "The stereotypes Glover idenjpgied go like this" Someone has obviously done a search-and-replace to convert "tif" to "jpg" on the HTML source with the rather cryptic results above; I suspect the culprit is a single missing backslash - they've searched for '.tif' not '\.tif' The risk? Looking foolish by publishing nonsense. (*) To be found at Tom McDermott : spon@mpce.mq.edu.au ------------------------------ Date: Tue, 2 Jul 1996 08:41:11 +1000 From: colville@socs.uts.edu.au Subject: Grammar checkers I still treasure the following response by MS Word's grammar checker. When it came to the following fragment: The School reviews applications by students . . . The checker highlighted *School reviews*, and asked: Is this a misspelling? Is it the expression *Rigor mortis*? [It may know better than us how effective the reviews were] John Colville, School of Computing Sciences, University of Technology, Sydney P O Box 123 Broadway, NSW, Australia, 2007 +61 2 514 1854 ------------------------------ Date: Mon, 1 Jul 96 15:07:46 BST From: hdavies@kzin.mon.rnb.com (Hugh J.E. Davies) Subject: The computer is always right - again In RISKS-18.20, "Richard S. MacDonald" describes how he had trouble buying some ZIP disks because "the computer is always right", even though it was wrong. In the UK, we have a sales tax called VAT, which is levied on most things at 17.5% (It's a lot more complicated than that, but that's outside the scope of this posting.) One of the things that it's not levied on are books, which are zero-rated. Recently, I went into my local Ford dealer to buy a workshop manual for my car. They wanted the price listed, plus VAT, since car parts are liable to the tax. I pointed out that the workshop manual was a book, and therefore zero rated, but they said that the computer had no provision for selling zero rated items. Presumably, this is because car dealers are unlikely to sell the most common zero rated items (food, children's clothing, er, books). In the end, they manually calculated what the price had to be such that the price including VAT (which the computer insisted on adding) was the price excluding VAT, and they charged me that. Of course, this makes their VAT accounts wrong, which the Customs & Excise (who administer VAT) take very seriously. Afterwards, I called the Customs & Excise to confirm my stance, and they said that it sounded like this dealer could do with an audit ... Hugh ------------------------------ Date: Tue, 2 Jul 1996 12:42:26 +0200 From: Boyd Roberts Subject: Metro Machiniste leaves train for coffee Taking Metro line 6 in Paris from Etoile yesterday at around 9 am I arrived at Kleber and stood and watched while the station initiated departure signal sounded several times while the train didn't move. The train initiated departure/door-closure signal sounded as well but we still didn't move. Two other trains arrived on the parallel track and then departed, ahead of us, although we were on the 'primary' track. They had been diverted to the 'secondary'. I some fit of desperation I looked out from the first carriage and saw the machiniste (driver/motorman) appear from this small cabin at the head of the train with a cup of coffee (I presume). He then entered his compartment and the train departed. I can only assume that he was counting on the automatic re-routing of the subsequent trains. Or perhaps he signaled some sort of problem, while he made his coffee. Trains leave Etoile about every minute or less and then can be re-routed back to Etoile from Kleber to alleviate congestion on the platform. As I got off at Passy I remembered the story, reported in RISKS, about the Victoria line Tube train that departed without its driver. If only I'd been so lucky. ------------------------------ Date: Wed, 26 Jun 1996 13:35:25 +0100 From: frank@artcom.de (Frank Rieger) Subject: Blackmailing financial institutes - a real life story The HERF-against-banks-story from the Sunday Times 3 weeks ago was somewhat overhyped and has a lack of facts.. I have collected some facts on real blackmail attempts performed in Germany on a much lower, but maybe comparable level. Since February 1996 until last week a person named Markus S=F6hnke Ungerb=FChler was calling German banks and corporations, claiming he was a member of the Chaos Computer Club and has hacked the corporate computer system. He claimed, that he has his hands on data that proves tax manipulations and other illegal activities of this company. He also claimed the hacking of several systems in main German press magazines like stern and Spiegel. Ungerb=FChler asked the banks and companies for paying him some 1000 Deutschmarks for giving them the data "back". Another scheme was to ask for payment for removing allegedly planted negative-stories from the press computers. As known by now all of some dozen companies and banks paid in panic reaction for avoiding any press coverage. Only a very, very small minority of victims asked the police for help - after paying. In several cases Ungerb=FChler handed out some disks with the "data" in exchange for the money. These disks were empty. Mr. Ungerb=FChler has escaped in February from an psychiatric hospital, where he was arrested cause of being an proven schizophrenic and blackmailer. He started his activities two days after his getaway. He based in London and operated via some Fax- and Voicemail boxes. The investigation of the case was difficult, cause none of the victims was willing to prove the identity of the blackmailer for the police etc. (Ungerb=FChler used to show money couriers from the banks his authentic passport to prove he is the right person to receive the money) He is definitely not a member of the Chaos Computer Club and is, as far as known by now, unable to hack into computer systems. He is simply a confidence trickster. The case shows, how fast and easy big companies pay, if they fear press coverage of real or alleged problems. They pay to everyone who believable claims to be _able_ to perform hacking or electronic attacks. In the light of this case, I could imagine, that around 40 banks in London City have paid for being not attacked by HERF - without the real prove, that the blackmailers own such weapons. There is a real huge amount of irrationality in computer security issues, especially in the financial sector. It seems like no one trusts his security measures. As I have learned in this case, these security-guys are thinking all the time in a worst-case manner and if the worst case occurs they are unable to react rational. You did not need Schwartau-style doomsday-weapons for getting lots of money - ou only have to be eloquent and know the right buzzwords. Finally the Ungerb=FChler-case was mainly fixed cause of massive activities of an well-known international security company paid by one of the victims, not cause of so good cooperation between police and the victims. Frank (source: partly from Der Spiegel 24.6.1996, http://eunet.bda.de/bda/int/spon/magazin/gesel02.html) ------------------------------ Date: Tue, 25 Jun 96 9:37:56 EDT From: "Dennis G. Rears" Subject: Re: DoD and IRS tax systems (Wexelblat, RISKS-18.23) Richard L. Wexelblat writes: >Special note: I work for the IRS and have a work-related vested interest >============ in _not_ having the Department of Defense involved in > contracting for IRS software and systems. Therefore, > despite any claims of non-bias below, I am clearly > "interested" in the classical sense of the word. My special note: I work for the Army as a civilian. >That part out of the way, I'd like to say (as a private citizen, a >tax-and-spend liberal, and an almost-always defender of free speech and the >right of the citizen to privacy) that the present initiative by Congress to >have DoD become the contracting agent for IRS system and software >development is a clear and present danger to privacy in the Republic in >which we stand. I think it is funny that somebody from the IRS has the GALL to write about privacy worries about the DoD. This from a representative from an agency that wants access to all financial data from all its citizens. They want to know under criminal penalty about accounts outside the US borders. I don't even have to talk about the Social Security Number. >The initiative referred to above is in the "Subcommittee Mark" of the >proposed next year's budget. It's just a House Subcommittee so it's not >law, but it's a bad idea in my mind, even to consider it seriously. Is the >Department of Star Wars and the $700 toilet seat really so excellent a >contracting agency that they are the clear choice to handle IRS business? Typical attack based upon ignorance. First it is the Department of Defense. Second, he mentions the $700 toilet seat when in fact it was in the $600 range. For those who know about the $600 toilet seat, the cost is defensible. It was fabricated by an aircraft company at the request of the Air Force (not DoD). It was not mass produced and was made to AF specs. The company did not even want to make it. They produced it at cost. When a company produces a small amount of items they are expensive. I don't know the full details of the proposal. Is it the DoD, AF, or what agency that will procure the system? They do have separate procurement departments. They all operate under the FAR and Dod regulations but the AF and Army also have additional procurement regulations. >Well, that's my biased opinion, and I'd like very much to hear from >others who may have a more valid claim to disinterest! Well essentially there are no facts in this post. The IRS has already shown their incompetence in procuring ADP systems. If it is not the DoD, it might go to NASA or some other agency. Dennis ------------------------------ Date: Tue, 25 Jun 1996 10:46:19 -0400 From: "Scott A. Renner" Subject: Re: DOD and IRS tax systems (Wexelblat, RISKS-18.23) Where is the RISK? The term "Department of Star Wars" shows a political objection, not a technical one. The "$700 toilet seat" outrages usually turn out to be (a) priced the same as comparable civilian items; eg. aircraft coffee makers, emergency flashlights, or (b) priced according to procurement regulations imposed by Congress; $15 for the toilet seat, $685 for overhead and in any case do not tell us much about software development. True, the history of software development in the DOD is not a happy one, but then the IRS hasn't done very well in the past, either. In terms of privacy concerns, the IRS is *much* more threatening than the DOD. That threat is not changed if DOD contractors start writing IRS software. Having DOD develop software for the IRS does not especially strike me as one of the best ideas of the 1990s -- but where's the RISK? Dr. Scott A. Renner The MITRE Corporation P.O. Box 716 Langley AFB, VA 23665 USA +1 804 766-4592 sar@mitre.org ------------------------------ Date: Thu, 27 Jun 1996 14:12:51 -0400 From: Carl Minie Subject: Re: DoD and IRS tax systems (Wexelblat, RISKS-18.23) As an ex-liberal and small-l libertarian, I submit that the true danger to privacy in the Republic is the practice of gathering detailed financial information from all (law-abiding) Americans under threat of asset confiscation and jail terms, and then giving tens of thousands of government employees access to this information in the course of their employment. I further submit that passing a few wimpy privacy laws and expecting them to prevent this information from being used for personal and political purposes is magical thinking. It doesn't take a genius to surmise that IRS data is used regularly for illegal purposes by everyone from the sitting President (of either party) down to grudge-bearing neighbors and ex-spouses. I believe the IRS attempted to assess the depth of the problem in their Southeastern Region (where my mother worked) at one time, and stopped at well over 300 violations. You or I would have ended up at Leavenworth, but all but a few of the most egregious violators were simply warned not to do it again. You can take voluntary action to keep yourself out of the TRW/ Equifax/TransUnion food chain and off junk mail lists...but Federal law requires you to remain in the IRS's gunsights for your entire productive lifespan. Neither party supports privacy when it means privacy from the government; it is a Democratic president who is enthusiastically supporting the FBI and NSA in their efforts to prevent American citizens from using encryption that they can't break, and to require that every phone, fax, and modem in the United States contain a chip that would allow government agencies to tap in at will. Do I need to add here that the very concept of economic privacy is anathema to those who believe that a portion of everything you earn, keep, spend, or invest belongs to them, and that not handing over the fraction they demand is stealing from them? > Is the Department of Star Wars and the $700 toilet seat > really so excellent a contracting agency that they are the > clear choice to handle IRS business? I don't expect the IRS to be abolished anytime soon...but letting the DoD design its computer systems would be an acceptable second choice. The DoD may be expensive, but they're not very good. My fondest hope is that with a spanking new Government Issue computer system, the IRS that the GSA says can't figure out where 60% of its own budget goes won't be able to find 60% of mine. I don't like paying for $700 toilet seats (or $320,000 spotted owls) any more than you do. The solution which provides the smallest RISK to privacy is not to gather the data in the first place. If tax compliance is truly voluntary, then the IRS should trust that we are reading 21,000 pages of IRS rules and case law and sending in the correct amount. Long Pig ------------------------------ Date: Sun, 30 Jun 1996 05:48:07 -0400 From: KRaach@aol.com Subject: Digital Precipice: What the computer trade hides from their customers In Germany a new book has been published by Markus Gaulke that describes and illustrates (by citing hundreds of precise and real computer mishaps) the risks and dangers connected to the increasing use of information technology in all parts of human life. The book is very interesting reading, easy to understand and gives valuable insights. Unfortunately the book (344 pages) is published only in German so far (original titel: "Digitale Abgruende - Was die Computerbranche ihren Kunden verschweigt"; verlag moderne industrie, ISBN: 3-478-91510-4), but the author offers a Web Page in English about the contents of his book (http://members.aol.com/Secuinfo/welcome.html). Kirsten Raach, computer consultant ------------------------------ Date: 18 March 1996 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: ABRIDGED info on RISKS (comp.risks) The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...] DIRECT REQUESTS to (majordomo) with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] INFO [for unabridged version of RISKS information] CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, nonrepetitious, and without caveats on distribution. Diversity is welcome, but not personal attacks. [...] ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Particularly relevant contributions may be adapted for the RISKS sections of issues of ACM SIGSOFT Software Engineering Notes or SIGSAC Review. * Submissions: By submitting an item that is accepted for publication in RISKS, the author grants permission for unlimited public distribution and redistribution in electronic or other form. * Reuse: Blanket permission is hereby granted for reuse of all materials in RISKS, under the following conditions. All redistributed items must include the Risks-Forum masthead line. All reuse must be accompanied by the following statement: Reused without explicit authorization under blanket permission granted for all Risks-Forum Digest materials. The author(s), the RISKS moderator, and the ACM have no connection with this reuse. As a courtesy, reusers of individual items (as opposed to forwardings of entire issues) should notify the authors, and should pay particular attention to any subsequent corrections. RISKS ARCHIVES: "ftp ftp.sri.comlogin anonymous[YourNetAddress] cd risks or cwd risks, depending on your particular FTP. [...] [Back issues are in the subdirectory corresponding to the volume number.] Individual issues can be accessed using a URL of the form http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue] ftp://ftp.sri.com/risks The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS PRIVACY: For info on the PRIVACY Forum Digest and Computer PRIVACY Digest, see the unabridged INFO file at RISKS-Request (send one-line message INFO to risks-request@CSL.sri.com as noted above). ------------------------------ End of RISKS-FORUM Digest 18.24 ************************